install.exe

UNINFO SISTEMAS LTDA ME

The executable install.exe has been detected as malware by 10 anti-virus scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.sugarsync.com.
Publisher:
UNINFO SISTEMAS LTDA ME  (signed and verified)

MD5:
2550bc758d5cf85d675bcfb3bba05787

SHA-1:
6107c26b7519bfee6549d2d8a51341a879a3f2e1

SHA-256:
4bb1bcaf31b8d587951d07273b929bda40f60c5e5078313755de49f7b74de6e5

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
11/15/2024 5:36:07 PM UTC

Scan engine           | Detection                        | Engine version
----------------------|----------------------------------|--------------------
Lavasoft Ad-Aware     | Gen:Trojan.Heur.DP.jTX@ayM2Pzhi  | 5704943
Arcabit               | Trojan.Heur.DP.ED92BA            | 1.0.0.629
avast!                | Win32:Banker-MOB [Trj]           | 151205-4
AVG                   | Win32/DH{bA?}                    | 2016.0.2898
Bitdefender           | Gen:Trojan.Heur.DP.jTX@ayM2Pzhi  | 1.0.20.1725
Emsisoft Anti-Malware | Gen:Trojan.Heur.DP.jTX@ayM2Pzhi  | 10.0.0.5366
F-Secure              | Gen:Trojan.Heur.DP.jTX@ayM2Pzhi  | 5.15.21
G Data                | Gen:Trojan.Heur.DP.jTX@ayM2Pzhi  | 15.12.25
MicroWorld eScan      | Gen:Trojan.Heur.DP.jTX@ayM2Pzhi  | 16.0.0.1035
Norman                | Gen:Trojan.Heur.DP.jTX@ayM2Pzhi  | 10.12.2015 09:05:08

File size:
1.1 MB (1,203,208 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\install.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
11/8/2015 10:00:00 PM

Valid to:
9/24/2016 8:59:59 PM

Subject:
CN=UNINFO SISTEMAS LTDA ME, O=UNINFO SISTEMAS LTDA ME, L=chapeco, S=santa catarina, C=BR

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
355DD32E9A65DA38442099F9BEC250EB

File PE Metadata
Compilation timestamp:
11/17/2015 7:30:16 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:8iE8EYIXtgch4wRHzvNhoka5AAntcJ8lz7T:XEhP6cfba5AAnR1

Entry address:
0xE1C08

Entry point:
55, 8B, EC, 83, C4, F0, B8, F0, BC, 4D, 00, E8, F0, C4, F2, FF, 68, 78, 1C, 4E, 00, 6A, FF, 6A, 00, E8, 22, CE, F2, FF, E8, DD, CE, F2, FF, 3D, B7, 00, 00, 00, 75, 07, 6A, 00, E8, 47, CE, F2, FF, 68, C8, AF, 00, 00, E8, 59, 3B, F4, FF, E8, A0, 8E, FF, FF, E8, 2B, 8F, FF, FF, E8, F2, 90, FF, FF, E8, 55, 98, FF, FF, E8, 58, 9A, FF, FF, E8, 37, 9D, FF, FF, B8, C4, 1C, 4E, 00, E8, 3D, 8C, FF, FF, E8, 54, 9D, FF, FF, E8, 2F, 79, F2, FF, 00, 00, 00, 38, 00, 42, 00, 44, 00, 46, 00, 48, 00, 48, 00, 48, 00, 48, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
896 KB (917,504 bytes)

The file install.exe has been seen being distributed by the following URL.

Remove install.exe - Powered by Reason Core Security