install.exe

Install.exe

Canon Inc.

The executable install.exe, “Universal Installer Windows” has been detected as malware by 12 anti-virus scanners.
Publisher:
Canon Inc.  (signed and verified)

Product:
Install.exe

Description:
Universal Installer Windows

Version:
2.5.0.5

MD5:
8bc8df20bf02ee8b3f1f760ba58684af

SHA-1:
3f07c165680550633d810150a5ec5d4333f040f2

SHA-256:
ea9cb3fb6c9031d238916164b7eee0ef8bb11704350da312705d4a4d732fd7a0

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
12/25/2024 3:01:43 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Pioneer-C
160518-2

AVG
Win32/Floxif
2015.0.4568

Dr.Web
Win32.FloodFix.7
9.0.1.05190

Emsisoft Anti-Malware
Win32.Floxif
11.5.0.6191

ESET NOD32
Win32/Floxif.H virus
7.0.302.0

F-Prot
W32/Floxif.B
4.6.5.141

F-Secure
Win32.Floxif.A
5.15.96

Kaspersky
Virus.Win32.Pioneer
15.0.0.562

McAfee
Trojan.Dropper-FIY!8BC8DF20BF02
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.221.345.0

Norman
Win32.Floxif.A
15.04.2016 04:58:04

VIPRE Antivirus
Threat.4760052
49072

File size:
1.9 MB (1,946,615 bytes)

Product version:
2.5.0.5

Copyright:
(c)Copyright, CANON INC. 2014

Original file name:
install.exe

File type:
Executable application (Win32 EXE)

Language:
Japanese (Japan)

Common path:
C:\Program Files\common files\canon_inc_ic\universalinstaller\install\install.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/20/2014 12:00:00 AM

Valid to:
7/21/2015 11:59:59 PM

Subject:
CN=Canon Inc., OU=ICP Network Strategy Planning, O=Canon Inc., L=Ohta-ku, S=Tokyo, C=JP

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
68AAA30F65DDEDC6408E89EE2E7C0FBA

File PE Metadata
Compilation timestamp:
9/12/2014 8:03:00 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:IGtKBoCw3XTgpHUXC+sLyKU/XKBLYww0I+MQIbAsx6DEEOKF9w7WQ:ICb/XTgpHUXoLyKUfKBLYwfIDbz6DEEm

Entry address:
0x10F9BC

Entry point:
E9, F2, 9F, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, 60, E3, 58, 00, 75, 02, F3, C3, E9, 30, 7B, 00, 00, 8B, C1, 83, 60, 04, 00, C7, 00, 20, 3F, 56, 00, C6, 40, 08, 00, C3, 8B, 41, 04, 85, C0, 75, 05, B8, 28, 3F, 56, 00, C3, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 57, 8B, F9, 74, 2D, 56, FF, 75, 08, E8, B6, 2A, 00, 00, 8D, 70, 01, 56, E8, 01, 06, 00, 00, 59, 59, 89, 47, 04, 85, C0, 74, 11, FF, 75, 08, 56, 50, E8, E5, 7B, 00, 00, 83, C4, 0C, C6, 47, 08, 01, 5E, 5F, 5D, C2, 04, 00, 8B, FF, 56, 8B, F1, 80, 7E, 08, 00...
 
[+]

Entropy:
6.5219

Packer / compiler:
Xtreme-Protector v1.05

Code size:
1.2 MB (1,298,944 bytes)

Remove install.exe - Powered by Reason Core Security