install.exe

Energizer Softech Pvt ltd

The application install.exe, published by Energizer Softech Pvt ltd, is flagged as a potentially unwanted program by 2 of 68 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen downloaded from www.pcbooster.com. While running, it connects over HTTP (TCP port 80) to pacific1019.us.unmetered.com. The binary carries a COMODO-issued code-signing signature that verified, but a valid Authenticode signature only identifies the publisher; it says nothing about whether the bundled software is wanted. Note also that the signing certificate listed below expired in July 2016, and a signature remains verifiable after its certificate expires only through a trusted countersignature timestamp.
Publisher:
Energizer Softech Pvt ltd  (signed and verified)

MD5:
2a53abe19f6919aee194a8a1047cf6af

SHA-1:
f85ae5257d541663022c3314b0fb18d3e8ade601

SHA-256:
3d236746dd0ea4caae49de1afb4fa528c79aacc92848454c54b298cc6b7c5f09

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 9:01:37 AM UTC

Scan engine          Detection                              Engine version
Comodo Security      UnclassifiedMalware                    18416
Reason Heuristics    PUP.Optional.EnergizerSoftechPvtltd.H  14.11.21.23

File size:
309.2 KB (316,664 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\install.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/20/2011 6:00:00 PM

Valid to:
7/20/2016 5:59:59 PM

Subject:
CN=Energizer Softech Pvt ltd, O=Energizer Softech Pvt ltd, STREET=13/267 Geeta Colony, L=Delhi, S=Delhi, PostalCode=110031, C=IN

Issuer:
CN=COMODO Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
209A749E9EB13B3BCA0002A965947A5D

File PE Metadata
Compilation timestamp:
6/19/1992 4:22:17 PM  (the fixed placeholder value that the Borland Delphi linker writes as TimeDateStamp, 0x2A425E19, not the real build time; consistent with the linker version 2.25 below)

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:6HOKqEQ8ZX+oue9P+iiQd31VSKO6uSOFc/vrF2WM+EJ3A7XntHd:C1JfZIQHV46uvFcHr2L8nt9

Entry address:
0xA24E0

Entry point:
60, BE, 00, E0, 46, 00, 8D, BE, 00, 30, F9, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...

Entropy:
7.5202

Packer / compiler:
UPX 2.90 [LZMA]

Code size:
212 KB (217,088 bytes)

The file install.exe has been seen distributed from the following URL.

http://www.pcbooster.com/.../download.php

When executed, the file has been observed making the following network connection in live environments.

TCP (HTTP):
Connects to pacific1019.us.unmetered.com  (199.217.118.23:80)

Remove install.exe - Powered by Reason Core Security