Instagram.exe

Instagram

The application Instagram.exe has been detected as a potentially unwanted program by 24 anti-malware scanners. The file has been seen being downloaded from am4-r1f6-stor07.uploaded.net and multiple other hosts.
Product:
Instagram

Version:
1.0.0.0

MD5:
e26a69861d71c49de36052380d87f115

SHA-1:
830c641a7fe49badcb83b4cf4dac24593b64f9b4

SHA-256:
bba0e46f7983c93efaa3e216dbf24504cadba4e970c7a59e13b0c4ec5699f2ea

Scanner detections:
24 / 68

Status:
Potentially unwanted

Analysis date:
11/29/2024 8:48:08 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.MSIL.WNU | 5752166 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | TR/SMSHoax.K | 3.6.1.96 |
| avast! | MSIL:Fakeapp-A [Adw] | 150414-0 |
| Baidu Antivirus | Hacktool.MSIL.Agent | 4.0.3.1552 |
| Bitdefender | Trojan.MSIL.WNU | 1.0.20.610 |
| Comodo Security | UnclassifiedMalware | 21597 |
| Emsisoft Anti-Malware | Trojan.MSIL.WNU | 9.0.0.4799 |
| ESET NOD32 | MSIL/HackTool.Agent.O trojan | 7.0.302.0 |
| Fortinet FortiGate | Malware_fam.NB | 5/2/2015 |
| F-Secure | Trojan.MSIL.WNU | 5.13.68 |
| G Data | Trojan.MSIL.WNU | 15.5.25 |
| IKARUS anti.virus | Trojan.Msil | t3scan.1.8.9.0 |
| McAfee | Program.Artemis!E26A69861D71 | 16.8.708.2 |
| MicroWorld eScan | Trojan.MSIL.WNU | 16.0.0.366 |
| NANO AntiVirus | Trojan.Win32.Generic.dbhifv | 0.30.8.659 |
| Norman | Trojan.MSIL.WNU | 03.12.2014 13:20:04 |
| nProtect | Trojan.MSIL.WNU | 15.03.30.01 |
| Panda Antivirus | Trj/CI.A | 15.05.02.03 |
| Qihoo 360 Security | Win32/Trojan.cf5 | 1.0.0.1015 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0CBC0EH814 | 7.2.122 |
| Trend Micro | TROJ_GEN.R0CBC0EH814 | 10.465.02 |
| VIPRE Antivirus | Threat.4439742 | 39486 |

File size:
817 KB (836,608 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
Instagram.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\instagram.exe

File PE Metadata
Compilation timestamp:
8/16/2013 2:11:15 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:U0r565UEIX1h0r565UEIX1ytq1SdVbkYeHCp8+jDtq1SdVbkYkOMYs40r565UUI4:UEk9SjEk9SKVwxe8+7Vw/OMH4EkbSI

Entry address:
0x9BDDE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A3, FD, 0C, 52, 00, 00, 00, 00, 02, 00, 00, 00, 88, 00, 00, 00, 1C, C0, 09, 00, 1C, A2, 09, 00, 52, 53, 44, 53, 07, 5C, E3, F3, 9F, 0F, 89, 4D, A2, 39, 7F, 94, 19, 3B, DB, F9, 01, 00, 00, 00, 43, 3A, 5C, 55, 73, 65, 72, 73, 5C, 4E, 55, 4C, 4C, 5C, 44, 6F, 63, 75, 6D, 65, 6E, 74, 73, 5C, 56, 69, 73, 75, 61, 6C, 20, 53, 74, 75, 64, 69, 6F, 20, 32, 30, 31, 30...

Entropy:
7.3268

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
615.5 KB (630,272 bytes)

The file Instagram.exe has been seen being distributed by the following 5 URLs.

http://am4-r1f6-stor07.uploaded.net/.../5bd1beec-94c4-48d2-ba0f-56400aa7ee88

http://am4-r1f9-stor08.uploaded.net/.../7009bb04-3f1d-4254-8afe-a595c65b1993
