installer.exe

The executable installer.exe has been detected as malware by 12 anti-virus scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from www.bitstourhosting.com.
MD5:
954747e0b62ca6f471172f603da9a399

SHA-1:
07210170a4da61174a97f06c6fe1d8be4cdbf634

SHA-256:
2557438aa935e7c70837ba7b2c299124714e289270f58d570a9c991042dd7324

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
12/28/2024 8:56:54 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Kukacka
160119-0

Clam AntiVirus
W32.Sality-65
0.98/21340

Dr.Web
Win32.Sector.5
9.0.1.05190

Emsisoft Anti-Malware
Win32.Sality.OG
10.0.0.5366

ESET NOD32
Win32/Sality.NAR virus
7.0.302.0

F-Prot
W32/Sality.AK
4.6.5.141

Kaspersky
Virus.Win32.Sality
15.0.0.562

McAfee
Trojan.Artemis!EC68219F5184
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.213.5231.0

Norman
Win32.Sality.OG
11.01.2016 17:30:26

Sophos
Virus 'W32/Sality-AM'
5.23

VIPRE Antivirus
Threat.416209
46910

File size:
278.5 KB (285,184 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\installer.exe

File PE Metadata
Compilation timestamp:
1/27/2016 7:53:12 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:s++fvpnNlsB3PH1hejZ8hXHaIdeQsU3DBojzu:RCvNPsdH1h68hXHEU32

Entry address:
0x23CF8

Entry point:
60, 6A, 00, FF, 15, 14, C0, 42, 00, 55, 81, D6, BD, 8C, 1F, 66, 23, CF, 69, FE, 5D, AC, BF, 86, 5D, 21, F9, D1, D6, 8D, 2D, 7B, 52, CD, 5C, E8, 00, 00, 00, 00, 56, F6, DE, 0F, CD, C7, C3, A9, C8, 6B, 82, 5A, C6, C4, BB, F6, DA, 0F, BE, C6, 5B, 81, C3, 60, 0F, 00, 00, 0F, B7, FD, 0F, C1, C8, 69, FE, 24, 57, BE, 89, 81, C3, 80, 03, 01, 00, 0F, BD, C3, 8D, 0D, 44, F7, DE, 29, F6, C5, EE, 53, 81, C3, 95, 1B, A5, 01, 0F, BA, E9, 64, EB, 01, F4, C1, D1, 84, 81, EB, 7F, 0A, A5, 01, 0F, AF, FE, FF, C1, 0F, A4, F7...
 
[+]

Entropy:
7.5010

Code size:
170.5 KB (174,592 bytes)

The file installer.exe has been seen being distributed by the following URL.

Remove installer.exe - Powered by Reason Core Security