instalar.exe

The executable instalar.exe has been detected as malware by 26 anti-virus scanners. It is a setup program used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been observed being downloaded from baixaturbobrasil.hospedagemdesites.ws.

MD5:
08a18a8690b66db8175980c775502326

SHA-1:
5e12e919584d28d89c53542c96931a5922a7ff3a

SHA-256:
becb2cf4d7ea8b40a43c8fbc7839e8604fdcb780397599dcf5683fe493021f20

Scanner detections:
26 / 68

Status:
Malware

Analysis date:
4/8/2025 6:29:00 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Win-Trojan/ASD.variant | 2013.08.20 |
| Avira AntiVirus | TR/Barys.5173.29 | 7.11.97.88 |
| avast! | Win32:Banload-IAO [Trj] | 2014.9-160331 |
| AVG | Downloader.Generic13 | 2017.0.2787 |
| Bitdefender | Gen:Variant.Barys.5173 | 1.0.20.455 |
| Comodo Security | UnclassifiedMalware | 16792 |
| Dr.Web | Trojan.DownLoader8.18675 | 9.0.1.091 |
| Emsisoft Anti-Malware | Gen:Variant.Barys.5173 | 8.16.03.31.06 |
| ESET NOD32 | Win32/TrojanDownloader.Delf.RZP | 10.8705 |
| Fortinet FortiGate | W32/Tfr.W!tr | 3/31/2016 |
| F-Prot | W32/Banload.Y.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Barys.5173 | 11.2016-31-03_5 |
| G Data | Gen:Variant.Barys.5173 | 16.3.22 |
| IKARUS anti.virus | Trojan-Dropper.Delf | t3scan.2.0.127 |
| K7 AntiVirus | Trojan-Downloader | 13.170.9324 |
| Kaspersky | HEUR:Trojan-Downloader.Win32.Generic | 14.0.0.431 |
| McAfee | RDN/Generic.tfr!w | 5600.6443 |
| MicroWorld eScan | Gen:Variant.Barys.5173 | 17.0.0.273 |
| NANO AntiVirus | Trojan.Win32.Banload.bkmmvl | 0.26.0.53954 |
| Norman | Suspicious_Gen5.PSLK | 11.20160331 |
| Panda Antivirus | Trj/OCJ.D | 16.03.31.06 |
| Sophos | Mal/Generic-S | 4.91 |
| Trend Micro House Call | TROJ_GEN.R2ECPDD | 7.2.91 |
| Trend Micro | TROJ_GEN.R2ECPDD | 10.465.31 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.22.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 20680 |

File size:
598 KB (612,352 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\instalar.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:Ou+oA+5bGJNeDCsgY2Kg5DC6fLGTz5cf7M:NJpG6DCs4KkRTGTz5n

Entry address:
0x698EC

Entry point:
55, 8B, EC, 83, C4, F0, B8, 9C, 95, 46, 00, E8, D4, C4, F9, FF, A1, F0, B9, 46, 00, 8B, 00, E8, 64, 60, FE, FF, A1, F0, B9, 46, 00, 8B, 00, C6, 40, 5B, 00, 8B, 0D, F4, BB, 46, 00, A1, F0, B9, 46, 00, 8B, 00, 8B, 15, 18, 91, 46, 00, E8, 59, 60, FE, FF, A1, F0, B9, 46, 00, 8B, 00, E8, CD, 60, FE, FF, E8, 34, A4, F9, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
418.5 KB (428,544 bytes)

The file instalar.exe has been seen being distributed by the following URL.
