installer.exe

Sogi

The executable installer.exe, “Sogi Setup”, has been detected as malware by 10 anti-virus scanners. The program is a setup application built with the Inno Setup installer, but the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.thursaaw.com.
Product:
Sogi

Description:
Sogi Setup

Version:
2.3

MD5:
11457a44d8d6a118a80a7005a255b8f9

SHA-1:
199429bdc26b38ff2963b6abd5b92e3f4fa48a6b

SHA-256:
20dd3197f2bab25452d7a38c80c5317515b01a2605153d85732009772ae56601

Scanner detections:
10 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/24/2024 5:46:12 PM UTC

Scan engine
Detection
Engine version

avast!
Win32:Sality
160216-0

Dr.Web
Win32.Sector.30
9.0.1.05190

ESET NOD32
Win32/Sality.NBA virus
8.0.319.0

F-Prot
W32/Sality.gen2
4.6.5.141

F-Secure
Win32.Sality.3
5.15.21

Kaspersky
Virus.Win32.Sality
15.0.0.562

McAfee
Virus.W32/Sality.gen.z
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.215.312.0

Norman
Win32.Sality.3
29.02.2016 05:46:54

Sophos
Virus 'Mal/Sality-D'
5.23

File size:
518.1 KB (530,539 bytes)

Product version:
2.3

Copyright:
Software

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
6/19/1992 5:52:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:rQiRqAIiof/4Zr75WE8CRecvDANRl7q3C8pJth:rQiYhio08oRvDAzl7uh

Entry address:
0xA5F8

Entry point:
0F, AF, D0, 25, D0, 02, 1C, 81, 81, EE, B7, CD, 8B, 56, 88, C1, 22, E3, B6, 22, EB, 09, 81, F7, 71, F2, 6B, 91, 0F, AF, CB, 75, 06, 69, CA, DC, DC, 30, AD, 81, F8, 78, 54, D5, 8B, 74, 0B, 69, DA, D6, DE, F8, 30, 89, F8, 0F, B7, ED, E8, 93, 00, 00, 00, 0D, BE, F2, C6, 91, 87, C0, 4B, 69, FD, 4E, B1, CC, 2B, C6, C7, 31, 0F, AF, E9, 81, FF, 3F, 36, 56, FE, 81, F9, 14, 89, 00, 00, 69, C1, 0B, 98, BD, B8, 8B, D6, 86, EC, 18, C6, F7, C1, 81, 0B, 5D, E5, BB, F3, 20, 03, B3, 4B, 68, 22, 14, 00, 00, 89, D2, 49, 45...

Code size:
39.5 KB (40,448 bytes)

The file installer.exe has been seen being distributed by the following URL.

Remove installer.exe - Powered by Reason Core Security