» installer.exe
Overview
Analysis
File Details
Downloads (1)

installer.exe

Sogi

The executable installer.exe, “Sogi Setup ” has been detected as malware by 10 anti-virus scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.thursaaw.com.

File name:

installer.exe

Product:

Sogi

Description:

Sogi Setup

Version:

2.3

MD5:

11457a44d8d6a118a80a7005a255b8f9

SHA-1:

199429bdc26b38ff2963b6abd5b92e3f4fa48a6b

SHA-256:

20dd3197f2bab25452d7a38c80c5317515b01a2605153d85732009772ae56601

Scanner detections:

10 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

11/24/2024 5:46:12 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Sality

160216-0

Dr.Web

Win32.Sector.30

9.0.1.05190

ESET NOD32

Win32/Sality.NBA virus

8.0.319.0

F-Prot

W32/Sality.gen2

4.6.5.141

F-Secure

Win32.Sality.3

5.15.21

Kaspersky

Virus.Win32.Sality

15.0.0.562

McAfee

Virus.W32/Sality.gen.z

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.215.312.0

Norman

Win32.Sality.3

29.02.2016 05:46:54

Sophos

Virus 'Mal/Sality-D'

5.23

File size:

518.1 KB (530,539 bytes)

Product version:

2.3

Software

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Common path:

C:\users\{user}\downloads\installer.exe

File PE Metadata

Compilation timestamp:

6/19/1992 5:52:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:rQiRqAIiof/4Zr75WE8CRecvDANRl7q3C8pJth:rQiYhio08oRvDAzl7uh

Entry address:

0xA5F8

Entry point:

0F, AF, D0, 25, D0, 02, 1C, 81, 81, EE, B7, CD, 8B, 56, 88, C1, 22, E3, B6, 22, EB, 09, 81, F7, 71, F2, 6B, 91, 0F, AF, CB, 75, 06, 69, CA, DC, DC, 30, AD, 81, F8, 78, 54, D5, 8B, 74, 0B, 69, DA, D6, DE, F8, 30, 89, F8, 0F, B7, ED, E8, 93, 00, 00, 00, 0D, BE, F2, C6, 91, 87, C0, 4B, 69, FD, 4E, B1, CC, 2B, C6, C7, 31, 0F, AF, E9, 81, FF, 3F, 36, 56, FE, 81, F9, 14, 89, 00, 00, 69, C1, 0B, 98, BD, B8, 8B, D6, 86, EC, 18, C6, F7, C1, 81, 0B, 5D, E5, BB, F3, 20, 03, B3, 4B, 68, 22, 14, 00, 00, 89, D2, 49, 45... 
[+]

Code size:

39.5 KB (40,448 bytes)

The file installer.exe has been seen being distributed by the following URL.

http://www.thursaaw.com/.../installer.exe

Remove installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.