install.exe

The executable install.exe has been detected as malware by 21 of 68 anti-virus scanners. It is a self-extracting archive and installer, but it is not signed with an Authenticode signature from a trusted source. While running, it connects to the Internet address 118.rbx4.ovh.abcd.network on port 443. Several engines (Avira, Fortinet, Kaspersky) classify it specifically as a downloader, which is consistent with that outbound connection.
MD5:
e15f20f0aec067332b32c461703cc01c

SHA-1:
0f7c33e712add0f04bde866a8cc55ec77467016e

SHA-256:
cad24b9829b45062aebff63120687b78616601a78d9e54a8484f5ad9de53964b

Scanner detections:
21 / 68

Status:
Malware

Analysis date:
11/1/2024 3:38:37 AM UTC

Scan engine               | Detection                                 | Engine version
Lavasoft Ad-Aware         | Trojan.Generic.19394268                   | 59
AegisLab AV Signature     | Heur.Advml.Gen!c                          | 2.1.4+
Avira AntiVirus           | TR/Dldr.Agent.gzpkd                       | 8.3.3.4
Arcabit                   | Trojan.Generic.D127EEDC                   | 1.0.0.788
avast!                    | Win32:Malware-gen                         | 2014.9-161206
Baidu Antivirus           | Win32.Trojan.WisdomEyes.16070401.9500     | 4.0.3.16126
Bitdefender               | Trojan.Generic.19394268                   | 1.0.20.1705
Bkav FE                   | HW32.Packed                               | 1.3.0.8455
Emsisoft Anti-Malware     | Trojan.Generic.19394268                   | 8.16.12.06.07
Fortinet FortiGate        | W32/Agent.HHDQ!tr.dldr                    | 12/6/2016
F-Secure                  | Trojan.Generic.19394268                   | 11.2016-06-12_3
G Data                    | Trojan.Generic.19394268                   | 16.12.25
Kaspersky                 | Trojan-Downloader.Win32.Agent             | 14.0.0.-819
McAfee                    | Artemis!E15F20F0AEC0                      | 5600.6193
MicroWorld eScan          | Trojan.Generic.19394268                   | 17.0.0.1023
NANO AntiVirus            | Trojan.Win32.Agent.eimkou                 | 1.0.70.13328
Panda Antivirus           | Trj/CI.A                                  | 16.12.06.07
Qihoo 360 Security        | HEUR/QVM19.1.0000.Malware.Gen             | 1.0.0.1120
Trend Micro House Call    | TROJ_GEN.R047C0EJQ16                      | 7.2.341
Trend Micro               | TROJ_GEN.R047C0EJQ16                      | 10.465.06
VIPRE Antivirus           | Trojan.Win32.Generic                      | 53952

File size:
1.5 MB (1,524,224 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\install.exe

File PE Metadata
Compilation timestamp:
7/1/2016 6:32:37 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

Entry address:
0x306C49

Entry point:
EB, 08, 73, 70, 01, 00, 00, 00, 00, 00, E9, 84, AF, FE, FF, 00, 00, 00, 00, 00, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 40, 41, 00, B0, 6C, 70, 00, 38, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 20, 56, 00, 00, 40, 58, 00, 00, A0, B1, 00, 00, 65, B1, 02, 00, 6F, B2, 02, 00, 00, 05, 03, 00, 8C...
 

Entropy:
7.9694 (close to the 8.0 maximum: the image is almost entirely compressed or packed data, which is expected for a self-extracting archive and is not by itself evidence of malice)

Code size:
1.5 MB (1,523,200 bytes)
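The hashes at the top of the report and the fields under "File PE Metadata" can be reproduced locally before trusting a third-party verdict. The script below is an added example, not code from Reason Core Security or from the page: it hashes a file, parses the COFF and optional headers for the timestamp, OS version, subsystem, linker version, code size and entry point, reads the first entry-point bytes through the section table, checks whether an Authenticode blob is present via data directory 4, and computes the Shannon entropy the report labels "probably packed". The three digests are copied from the report; `build_sample_pe` constructs a tiny synthetic PE32 console image (with a placeholder, non-verifying certificate blob when asked) so the code runs offline. Presence of a certificate blob is not the same as a trusted signature; verifying the chain needs `signtool verify /pa` or WinVerifyTrust on Windows.

```python
import datetime
import hashlib
import math
import struct
from collections import Counter

# Digests published in the report above; a local sample is "the" file only if all three match.
REPORT_HASHES = {
    "md5": "e15f20f0aec067332b32c461703cc01c",
    "sha1": "0f7c33e712add0f04bde866a8cc55ec77467016e",
    "sha256": "cad24b9829b45062aebff63120687b78616601a78d9e54a8484f5ad9de53964b",
}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows Console"}

def file_hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}

def matches_report(data: bytes) -> bool:
    return file_hashes(data) == REPORT_HASHES

def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0; the report's 7.9694 is what compressed or packed data looks like."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def entropy_verdict(entropy: float) -> str:
    # A self-extracting archive is legitimately high-entropy, so this is a hint, not a detection.
    return "probably packed or compressed" if entropy > 7.0 else "mostly plain code/data"

def pe_metadata(data: bytes) -> dict:
    """Extract the fields shown under 'File PE Metadata' from a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe + 4
    _machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    is_pe32 = struct.unpack_from("<H", data, opt)[0] == 0x10B
    linker_major, linker_minor = struct.unpack_from("<BB", data, opt + 2)
    size_of_code, _, _, entry_rva = struct.unpack_from("<IIII", data, opt + 4)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # Data directory 4 (IMAGE_DIRECTORY_ENTRY_SECURITY) holds a *file offset* and size of the
    # WIN_CERTIFICATE blob. Non-zero means an Authenticode blob exists, not that it verifies.
    dirs = opt + (96 if is_pe32 else 112)
    _sec_off, sec_size = struct.unpack_from("<II", data, dirs + 4 * 8)
    # Map the entry-point RVA to a file offset through the section table to read its first bytes.
    entry_bytes = b""
    for i in range(nsections):
        sh = opt + opt_size + 40 * i
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, sh + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            off = entry_rva - vaddr + rawptr
            entry_bytes = data[off:off + 16]
            break
    return {
        "compilation_timestamp": datetime.datetime.fromtimestamp(
            timestamp, datetime.timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "os_version": f"{os_major}.{os_minor}",
        "bitness": "Win32" if is_pe32 else "Win64",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "linker_version": f"{linker_major}.{linker_minor}",
        "entry_point_rva": f"0x{entry_rva:X}",
        "entry_point_bytes": ", ".join(f"{b:02X}" for b in entry_bytes),
        "code_size": size_of_code,
        "has_authenticode_blob": sec_size != 0,
        "entropy": round(shannon_entropy(data), 4),
    }

def build_sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32 console image for offline testing (not the real install.exe)."""
    text = bytes([0xEB, 0x08, 0x73, 0x70, 0x01, 0, 0, 0, 0, 0, 0xE9, 0x84, 0xAF, 0xFE, 0xFF, 0])
    text = text.ljust(0x200, b"\0")
    sig = b""
    if signed:  # fake WIN_CERTIFICATE: dwLength, wRevision=0x0200, wCertificateType=PKCS_SIGNED_DATA
        body = b"\x30\x00"  # placeholder bytes, not real PKCS#7 SignedData
        sig = struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body
    dirs = [(0, 0)] * 16
    if signed:
        dirs[4] = (0x400, len(sig))  # file offset just past headers (0x200) + .text (0x200)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 1467354757, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBB9I6H4IHH6I", 0x10B, 10, 0, 0x200, 0, 0, 0x1000, 0x1000, 0x2000,
                      0x400000, 0x1000, 0x200, 5, 1, 0, 0, 5, 1, 0, 0x2000, 0x200, 0, 3, 0,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += struct.pack("<32I", *[v for d in dirs for v in d])
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    return (dos + coff + opt + sect).ljust(0x200, b"\0") + text + sig
```

Run `pe_metadata(open("install.exe", "rb").read())` against a real sample and compare with the report: the compile timestamp, "Windows Console" subsystem, linker 10.0 and OS version 5.1 should line up, and `matches_report` should be true only for the exact file the scanners saw. Note that the timestamp and linker version are attacker-controlled header fields and are corroborating evidence at most.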

The file has been observed making the following network connections when executed in live environments.

TCP (HTTPS, TLS on port 443):
Connects to 118.rbx4.ovh.abcd.network  (176.31.124.38:443)

TCP (HTTP):
Connects to dev.ucoz.net  (195.216.243.123:80)
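The two hosts and IPs above are the indicators a defender would sweep egress logs for. The following is an added example, not part of the report, showing how to do that over constructed key=value log lines (labelled as such in the code; the timestamps, internal 10.0.0.x sources and the www.example.com / 203.0.113.7 decoy line are made up). It matches on TLS SNI or HTTP Host first, with subdomain matching, and falls back to destination IP, which is the weaker signal because hosting addresses are shared and rotate.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Network indicators taken from the report: the two hosts and the IPs they resolved to.
IOC_HOSTS = {"118.rbx4.ovh.abcd.network", "dev.ucoz.net"}
IOC_IPS = {"176.31.124.38", "195.216.243.123"}

# Constructed egress-log lines in a key=value style (not real captures); lines 1, 2 and 5 should hit.
SAMPLE_LOG = """\
2024-11-01T03:38:41Z src=10.0.0.21 dst=176.31.124.38 dport=443 sni=118.rbx4.ovh.abcd.network proto=tls
2024-11-01T03:38:42Z src=10.0.0.21 dst=195.216.243.123 dport=80 host=dev.ucoz.net proto=http
2024-11-01T03:38:43Z src=10.0.0.22 dst=203.0.113.7 dport=443 sni=www.example.com proto=tls
2024-11-01T03:38:44Z src=10.0.0.23 dst=10.0.0.5 dport=53 host=ucoz.net proto=dns
2024-11-01T03:38:45Z src=10.0.0.24 dst=176.31.124.39 dport=443 sni=foo.dev.ucoz.net proto=tls
"""

KV = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Hit:
    line_no: int
    indicator: str
    kind: str          # "host" (SNI or Host header matched) or "ip" (destination address matched)
    dest_port: int
    src: str


def host_matches(name: str, indicators=IOC_HOSTS) -> Optional[str]:
    """Exact or subdomain match: 'foo.dev.ucoz.net' matches 'dev.ucoz.net'; the parent 'ucoz.net' does not."""
    name = name.lower().rstrip(".")
    for ioc in indicators:
        if name == ioc or name.endswith("." + ioc):
            return ioc
    return None


def scan_log(text: str) -> List[Hit]:
    """Flag lines whose TLS SNI / HTTP Host matches an IOC host, else whose destination IP matches an IOC IP."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        f = dict(KV.findall(line))
        port = int(f.get("dport", 0))
        name = f.get("sni") or f.get("host")
        matched = host_matches(name) if name else None
        if matched:
            hits.append(Hit(n, matched, "host", port, f.get("src", "?")))
        elif f.get("dst") in IOC_IPS:
            # IP-only match is the weaker signal: hosting addresses are shared and change over time.
            hits.append(Hit(n, f["dst"], "ip", port, f.get("src", "?")))
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(h)
```

The parent-domain line (`ucoz.net`) deliberately does not fire: ucoz-style hosting platforms serve many unrelated sites, so only the specific host from the report and its subdomains are treated as indicators.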

Powered by Reason Core Security