inst093.exe

WYSIWYG Web Builder

Pablo Software Solutions

The executable inst093.exe has been detected as malware by 14 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from volafile.io.
Publisher:
Pablo Software Solutions

Product:
WYSIWYG Web Builder

Version:
11.01

MD5:
32e4fe3fd7b0b47be5a32e4e2c1ede8e

SHA-1:
811b5b56c7488df020b945dbbd9dc6a030cd13da

SHA-256:
73ff97a0a3ea40036ce55e9d1822221a442a64e48cee05bb325312a7fe9cf43e

Scanner detections:
14 / 68

Status:
Malware

Analysis date:
11/28/2024 4:41:57 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.3268412
244

Avira AntiVirus
TR/Dropper.VB.dblu
8.3.3.4

Arcabit
Trojan.Generic.D31DF3C
1.0.0.696

avast!
Win32:Malware-gen
2014.9-160605

Bitdefender
Trojan.GenericKD.3268412
1.0.20.785

Emsisoft Anti-Malware
Trojan.GenericKD.3268412
8.16.06.05.05

ESET NOD32
Win32/Injector.CYVB (variant)
10.13587

Fortinet FortiGate
W32/Injector.CYVB!tr
6/5/2016

F-Secure
Trojan.GenericKD.3268412
11.2016-05-06_1

G Data
Trojan.GenericKD.3268412
16.6.25

MicroWorld eScan
Trojan.GenericKD.3268412
17.0.0.471

nProtect
Trojan.GenericKD.3268412
16.06.02.01

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1120

Sophos
Mal/Generic-S
4.98

File size:
1.4 MB (1,519,616 bytes)

Product version:
11.01

Copyright:
Copyright © 2016

Trademarks:
http://www.wysiwygwebbuilder.com

Original file name:
webbuilder.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\inst093.exe

File PE Metadata
Compilation timestamp:
5/19/2016 10:07:30 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:kqxeWgPF6z19NgdHeUfwqE4m4J+ZKxEjjJ8PvC8QbU5WwsnKcePw9eTXoo24+I1x:LxMWNgVfzMpeEp6fQbU5onSHTXc4+IX

Entry address:
0x10C4

Entry point:
68, 88, 11, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, C8, 40, D0, 95, 00, 25, CF, 4D, 92, 4F, 39, D5, 65, 4E, DC, 8B, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 76, 62, 34, 70, 72, 6F, 6A, 65, 63, 74, 56, 62, 00, 00, 00, 00, 00, 00, 00, 00, 07, 00, 00, 00, B0, 3A, 40, 00, 07, 00, 00, 00, 64, 3A, 40, 00, 07, 00, 00, 00, 18, 3A, 40, 00, 07, 00, 00, 00, B8, 39, 40, 00, 01, 00, 0D, 00, A4, 34, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF...
 

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
1.4 MB (1,507,328 bytes)

The file inst093.exe has been seen being distributed by the following URL.
