» install.exe
Overview
Analysis
File Details
Network (2)

install.exe

The executable install.exe has been detected as malware by 21 anti-virus scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. While running, it connects to the Internet address 118.rbx4.ovh.abcd.network on port 443.

File name:

install.exe

MD5:

e15f20f0aec067332b32c461703cc01c

SHA-1:

0f7c33e712add0f04bde866a8cc55ec77467016e

SHA-256:

cad24b9829b45062aebff63120687b78616601a78d9e54a8484f5ad9de53964b

Scanner detections:

21 / 68

Status:

Malware

Analysis date:

11/30/2024 5:21:50 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.19394268

AegisLab AV Signature

Heur.Advml.Gen!c

2.1.4+

Avira AntiVirus

TR/Dldr.Agent.gzpkd

8.3.3.4

Arcabit

Trojan.Generic.D127EEDC

1.0.0.788

avast!

Win32:Malware-gen

2014.9-161206

Baidu Antivirus

Win32.Trojan.WisdomEyes.16070401.9500

4.0.3.16126

Bitdefender

Trojan.Generic.19394268

1.0.20.1705

Bkav FE

HW32.Packed

1.3.0.8455

Emsisoft Anti-Malware

Trojan.Generic.19394268

8.16.12.06.07

Fortinet FortiGate

W32/Agent.HHDQ!tr.dldr

12/6/2016

F-Secure

Trojan.Generic.19394268

11.2016-06-12_3

G Data

Trojan.Generic.19394268

16.12.25

Kaspersky

Trojan-Downloader.Win32.Agent

14.0.0.-819

McAfee

Artemis!E15F20F0AEC0

5600.6193

MicroWorld eScan

Trojan.Generic.19394268

17.0.0.1023

NANO AntiVirus

Trojan.Win32.Agent.eimkou

1.0.70.13328

Panda Antivirus

Trj/CI.A

16.12.06.07

Qihoo 360 Security

HEUR/QVM19.1.0000.Malware.Gen

1.0.0.1120

Trend Micro House Call

TROJ_GEN.R047C0EJQ16

7.2.341

Trend Micro

TROJ_GEN.R047C0EJQ16

10.465.06

VIPRE Antivirus

Trojan.Win32.Generic

53952

File size:

1.5 MB (1,524,224 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\install.exe

File PE Metadata

Compilation timestamp:

7/1/2016 6:32:37 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

10.0

Entry address:

0x306C49

Entry point:

EB, 08, 73, 70, 01, 00, 00, 00, 00, 00, E9, 84, AF, FE, FF, 00, 00, 00, 00, 00, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 40, 41, 00, B0, 6C, 70, 00, 38, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 20, 56, 00, 00, 40, 58, 00, 00, A0, B1, 00, 00, 65, B1, 02, 00, 6F, B2, 02, 00, 00, 05, 03, 00, 8C... 
[+]

Entropy:

7.9694 (probably packed)

Code size:

1.5 MB (1,523,200 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):

Connects to 118.rbx4.ovh.abcd.network (176.31.124.38:443)

TCP (HTTP):

Connects to dev.ucoz.net (195.216.243.123:80)

Remove install.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.