instalador.exe

The application instalador.exe has been detected as a potentially unwanted program by 6 anti-malware scanners. It is a setup program used to install the application. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented depend on the PC's geo-location at the time of install. The file has been seen being downloaded from updater.shadowl2.es.
MD5: 2c7f6f9d94ff59222089f63244e1c378
SHA-1: 79c4d85971dd1736c1c39fafacfd185f7e2df225
SHA-256: dd9cb7eec5d7fda3e601c297c716e4fbbf5bb65432d52ea641af31fb4af834c0
Scanner detections: 6 / 68
Status: Potentially unwanted
Analysis date: 1/16/2025 6:00:22 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.685 |
| Quick Heal | (Suspicious) - DNAScan | 2.16.14.00 |
| Reason Heuristics | Threat.Downloader.KY | 16.2.29.19 |
| Trend Micro House Call | PAK_Generic.006 | 7.2.41 |
| Trend Micro | PAK_Generic.006 | 10.465.10 |
| Zillya! Antivirus | Adware.Amonetize.Win32.14606 | 2.0.0.2494 |

File size: 912.1 KB (934,005 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\downloads\instalador.exe

File PE Metadata

Compilation timestamp: 6/19/1992 7:22:17 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 2.25
CTPH (ssdeep): 24576:lotr+In5S95NZs3def5+B/vbh5ISCIuTPCuVLX4r:Otrl5u53gRnbh5ISCIuTPCuVb6
Entry address: 0x13B046
Entry point: B8, 00, B0, 53, 00, 68, 8C, CC, 47, 00, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 66, 9C, 60, 50, 8B, D8, 03, 00, 68, 2C, 3E, 03, 00, 6A, 00, FF, 50, 1C, 89, 43, 08, 68, 00, 00, 40, 00, 8B, 3C, 24, 8B, 33, 66, 81, C7, 80, 07, 8D, 74, 1E, 08, 89, 3B, 53, 8B, 5E, 10, B8, 80, 08, 00, 00, 56, 6A, 02, 50, 57, 6A, 3B, 6A, 0A, 56, 6A, 04, 50, 57, FF, D3, 83, EE, 08, 59, F3, A5, 59, 66, 83, C7, 58, 81, C6, 10, 02, 00, 00, F3, A5, FF, D3, 58, 8D, 90, A0, 01, 00, 00, 8B, 0A, 83, C2, 14, 8B, 5A, F0, 85...
Packer / compiler: PEtite v2.2
Code size: 497.7 KB (509,641 bytes)

The file instalador.exe has been seen being distributed by the following URL.
