hwmonitor-pro_1.24.exe

CPUID HWMonitor Pro

The executable hwmonitor-pro_1.24.exe, “CPUID HWMonitor Pro Setup”, has been detected as malware by 8 anti-virus scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point obscuring polymorphic file infector, which creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from download.cpuid.com.
Product:
CPUID HWMonitor Pro

Description:
CPUID HWMonitor Pro Setup

MD5:
96425eba8db59bb40e07350eab9839c7

SHA-1:
11e1bfb81b3c46b768c8f42539b265a575b8f320

SHA-256:
96936e78344cbcf75476717809b14bbdc6d0a7388f070edadd7b454fdb916627

Scanner detections:
8 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/24/2024 2:11:43 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:SaliCode | 160518-2
AVG | Win32/Sality | 2015.0.4591
Emsisoft Anti-Malware | Win32.Sality | 16.07.04
ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0
F-Prot | W32/Sality.gen2 | 4.6.5.141
Microsoft Security Essentials | Threat.Undefined | 1.225.315.0
Norman | Win32.Sality.3 | 28.05.2016 15:32:18
VIPRE Antivirus | Threat.4721115 | 50318

File size:
1.4 MB (1,438,792 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:WQi1Ts9XlYTg/ZNZxZqmcIQlvmlJWD5n9eR4KHoHi7OdhkOxhtRBMBTlP0QjcpMX:W96pRBNZBekJ5zb7OdhLBGpf/

Entry address:
0xA5F8

Entry point:
0F, AF, F3, 0F, AF, C5, C7, C5, FD, 1E, 81, BE, 23, D5, 25, CC, 79, 3A, 62, 8D, 1D, E8, 6E, 6E, 8C, 51, EB, 02, 13, C6, 00, FE, 0F, AF, C0, 0F, B7, ED, 48, E8, 2A, 00, 00, 00, 84, F6, F6, C1, 65, F6, C0, 8F, 81, F6, 07, C6, 2E, A8, 8D, 15, 2D, 01, 21, 8A, F6, C7, EF, 81, C7, 60, BB, 00, 00, 0F, AF, C6, 8A, CC, 87, C1, 81, EF, 61, 06, 00, 00, 88, C7, 69, DE, D6, 9E, 32, 16, B7, BD, 39, F5, 8B, CD, 40, 88, CB, F3, 84, E3, 8B, EF, F6, C3, 15, 81, CB, 8F, B2, D0, F9, C6, C7, 3A, 85, C5, 73, 01, F3, 55, EB, 0B...

Code size:
39.5 KB (40,448 bytes)

The file hwmonitor-pro_1.24.exe has been seen being distributed by the following URL.
