installer.exe

The application installer.exe has been detected as a potentially unwanted program by 12 anti-malware scanners. This is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.megapackagetours.com.

MD5: d9193512cb3ff1292acfb70ec2dc7cd5

SHA-1: 032af7d63437c002fc60be995a87347e9efb6360

SHA-256: 0b5c9445e9849a5b8c7aea6629252702757999682affe69814322a39f95e5bc3

Scanner detections: 12 / 68

Status: Potentially unwanted

Analysis date: 12/27/2024 1:04:39 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Sality | 160216-0 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 11.5.0.6191 |
| ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| F-Secure | Win32.Sality.3 | 5.15.21 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| McAfee | Program.Artemis!6CBC3F6C6913 | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.215.1857.0 |
| Norman | Win32.Sality.3 | 29.02.2016 03:11:57 |
| Sophos | Virus 'Mal/Sality-D' | 5.23 |
| VIPRE Antivirus | Threat.4721115 | 47848 |

File size: 364 KB (372,736 bytes)

File type: Executable application (Win32 EXE)

Common path: C:\Documents and Settings\{user}\My documents\downloads\installer.exe

File PE Metadata
Compilation timestamp: 2/3/2016 8:48:56 PM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 7.10

CTPH (ssdeep): 6144:d517KHrsKI9LOta2rz62DGF4B1WkNTdEe9i8SugsKoLlSBkq3Nxg4E74NyxENHCE:d517eJIxOFzDDk8TdXi8SG1LlSBkq3NP

Entry address: 0x3E5DC

Entry point:
8B, EA, 56, 68, 4E, 68, 4C, 00, F2, FF, C2, 89, DA, 81, E7, F7, 17, 24, E0, 69, EB, 32, 08, CB, A1, F2, 55, 52, FF, CB, 4A, 3D, E7, 36, 79, 30, F2, B1, 7F, 85, DE, 74, 0D, 69, EE, 92, C3, 68, AF, 69, D5, 18, 3F, 2F, 8C, F3, E8, 2A, 00, 00, 00, 80, F6, 96, 8D, 0D, B8, 9B, 3B, BD, 76, 04, 85, D1, 31, D7, FF, CE, FF, C9, 8A, FB, 35, 2C, 33, 00, 00, 81, FB, 71, 4C, 00, 00, 75, 08, B6, 36, 81, DF, FB, 83, D4, F5, 85, F9, FF, CA, 89, C7, F6, C5, 92, 85, FB, 78, 05, FF, C1, 0F, AF, D8, 81, EE, 2C, F4, 08, 00, 89...
 

Entropy: 7.7817 (probably packed)

Code size: 272 KB (278,528 bytes)

The file installer.exe has been seen being distributed by the following URL.
