hermes_syncmanager_install(japan)_1.7.4.exe

The executable hermes_syncmanager_install(japan)_1.7.4.exe has been detected as malware by 6 anti-virus scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from wiki.cdnetworks.com.
MD5:
ccd8483f7708cee5eec5d8ed0273b6e3

SHA-1:
c47097f932fe0507050f6d5fc30eddea7d6e266d

SHA-256:
5dbfa161964b7f5b2a730d8197801beddffcc1fe709ee0a5e0348131f9fd1df1

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
12/27/2024 5:37:48 AM UTC

Scan engine           Detection                                Engine version
AVG                   Agent3                                   2015.0.3496
IKARUS anti.virus     Trojan.Win32.Webprefix                   t3scan.1.6.1.0
Norman                Agent.VBTT                               11.20140423
Qihoo 360 Security    Malware.QVM09.Gen                        1.0.0.1015
Vba32 AntiVirus       suspected of Trojan.Downloader.gen.h     3.12.26.0
VIPRE Antivirus       Trojan.Win32.Generic                     28524

File size:
1.7 MB (1,738,486 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\hermes_syncmanager_install(japan)_1.7.4.exe

File PE Metadata
Compilation timestamp:
12/6/2009 7:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:0Jnosb1MiXB8ErqznJHQ9PP2Bci07is6ohBtew6s:0osnBDezJwNP2BZ0GEhF6s

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
Entropy:
7.9894

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file hermes_syncmanager_install(japan)_1.7.4.exe has been seen being distributed by the following URL.
