» install.exe
Overview
Analysis
File Details
Downloads (1)

install.exe

UNINFO SISTEMAS LTDA ME

The application install.exe by UNINFO SISTEMASA ME has been detected as a potentially unwanted program by 9 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.sugarsync.com.

File name:

install.exe

Publisher:

UNINFO SISTEMAS LTDA ME (signed and verified)

MD5:

d05515c4ad6f4694b42b3f347cc9cc2e

SHA-1:

6f4ca917327b9754bda90748fb99728f1b0966d2

SHA-256:

a2e482c5e6d0e3b2f8c286e0802393a8cc97391ab83b133f3934028fadc986c4

Scanner detections:

9 / 68

Status:

Potentially unwanted

Analysis date:

11/15/2024 5:42:46 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Trojan.Heur.DP.jTX@ayeQh!ji

393

Arcabit

Trojan.Heur.DP.EDC3FB

1.0.0.624

AVG

Win32/DH{bA?}

2017.0.2871

Bitdefender

Gen:Trojan.Heur.DP.jTX@ayeQh!ji

1.0.20.40

Emsisoft Anti-Malware

Gen:Trojan.Heur.DP.jTX@ayeQh!ji

8.16.01.08.04

F-Secure

Gen:Trojan.Heur.DP.jTX@ayeQh!ji

11.2016-08-01_6

G Data

Gen:Trojan.Heur.DP.jTX@ayeQh!ji

16.1.25

MicroWorld eScan

Gen:Trojan.Heur.DP.jTX@ayeQh!ji

17.0.0.24

Reason Heuristics

PUP.UNINFOSISTEMASAME.Installer (M)

16.1.15.0

File size:

1.1 MB (1,203,208 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\install.exe

Digital Signature

Signed by:

UNINFO SISTEMAS LTDA ME

Authority:

thawte, Inc.

Valid from:

11/8/2015 10:00:00 PM

Valid to:

9/24/2016 8:59:59 PM

Subject:

CN=UNINFO SISTEMAS LTDA ME, O=UNINFO SISTEMAS LTDA ME, L=chapeco, S=santa catarina, C=BR

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

355DD32E9A65DA38442099F9BEC250EB

File PE Metadata

Compilation timestamp:

11/18/2015 9:37:59 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:BiE8EYIXtgch4wRHzvNhoka5AAntcJ8lz7D:oEhP6cfba5AAnR9

Entry address:

0xE1C08

Entry point:

55, 8B, EC, 83, C4, F0, B8, F0, BC, 4D, 00, E8, F0, C4, F2, FF, 68, 78, 1C, 4E, 00, 6A, FF, 6A, 00, E8, 22, CE, F2, FF, E8, DD, CE, F2, FF, 3D, B7, 00, 00, 00, 75, 07, 6A, 00, E8, 47, CE, F2, FF, 68, C8, AF, 00, 00, E8, 59, 3B, F4, FF, E8, A0, 8E, FF, FF, E8, 2B, 8F, FF, FF, E8, F2, 90, FF, FF, E8, 55, 98, FF, FF, E8, 58, 9A, FF, FF, E8, 37, 9D, FF, FF, B8, C4, 1C, 4E, 00, E8, 3D, 8C, FF, FF, E8, 54, 9D, FF, FF, E8, 2F, 79, F2, FF, 00, 00, 00, 38, 00, 42, 00, 44, 00, 46, 00, 48, 00, 48, 00, 48, 00, 48, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

896 KB (917,504 bytes)

The file install.exe has been seen being distributed by the following URL.

https://www.sugarsync.com/.../D3165219_035_862326833?directDownload=true

Remove install.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.