installer.exe

The executable installer.exe has been detected as malware by 13 anti-virus scanners. It is infected by an entry-point obscuring polymorphic file infector, which will create a peer-to-peer botnet and receive URLs of additional files to download. The file has been seen being downloaded from www.townsoftwarebody.com.

MD5:
50403b751350935853d4d2939fc72705

SHA-1:
117f23b7604563f907381579e51f3dacbe816542

SHA-256:
637ef19a9630d124566be1a7ff03eff04941f90af5415ac9009c00366fbde338

Scanner detections:
13 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/27/2024 1:24:29 AM UTC

Scan engine                    Detection                Engine version
Lavasoft Ad-Aware              Win32.Sality.3           5819428
avast!                         Win32:SaliCode           160112-0
AVG                            Win32/Sality             2015.0.4477
Dr.Web                         Win32.Sector.30          9.0.1.05190
Emsisoft Anti-Malware          Win32.Sality             10.0.0.5366
ESET NOD32                     Win32/Sality.NBA virus   7.0.302.0
F-Prot                         W32/Sality.gen2          4.6.5.141
Kaspersky                      Virus.Win32.Sality       15.0.0.562
McAfee                         Virus.W32/Sality.gen.z   18.0.204.0
Microsoft Security Essentials  Threat.Undefined         1.213.3090.0
Norman                         Win32.Sality.3           11.01.2016 17:30:26
Sophos                         Virus 'Mal/Sality-D'     5.22
VIPRE Antivirus                Threat.4758034           46434

File size:
492 KB (503,808 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
1/15/2016 2:09:33 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:6ZpE0S6AzVt2wEhA0oC4aVxlOsv5jO9kayGUS:cpEETwcAdUOshOKayG

Entry address:
0x5E5C6

Entry point:
80, F4, 5F, 81, FE, C2, 04, 00, 00, 75, 05, F7, D3, C6, C0, 4C, 13, D0, F7, C3, 66, 92, 2B, 6E, E8, 00, 00, 00, 00, F6, D2, 85, C8, 85, D9, 81, C3, EB, E4, 00, 00, F7, D0, 81, C3, B0, 09, 00, 00, 89, F0, 70, 03, 0F, B7, EE, 45, BF, 59, D6, 00, 00, EB, 03, C6, C5, 70, 81, F7, B6, D0, 00, 00, 81, C7, 67, 05, 00, 00, BD, 9C, DE, 05, DF, 3D, E0, 44, 00, 00, 75, 08, 69, E9, BB, 9B, 15, CD, F6, DA, 81, EF, 7F, 0D, 00, 00, 84, F0, 81, C7, 7E, 0D, 00, 00, F6, D5, 69, DE, 36, F7, C9, EB, 81, FF, EF, 03, 00, 00, 73...
 
Entropy:
7.1572

Code size:
400 KB (409,600 bytes)

The file installer.exe has been seen being distributed by the following URL.
