» installer.exe
Overview
Analysis
File Details
Downloads (1)

installer.exe

Soft

The executable installer.exe, “Soft Setup ” has been detected as malware by 8 anti-virus scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.towncapitaltown.com.

File name:

installer.exe

Product:

Soft

Description:

Soft Setup

MD5:

08de9c1046c2d3b09e5a3a06676f13df

SHA-1:

1a2fdb913415f3b93d7642db6436f9573d4a883f

SHA-256:

624ca7233fb6c58896be27829a0babe888be0cabfdc7fd34fa02e4fac5300923

Scanner detections:

8 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

11/24/2024 8:17:45 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Kukacka

160212-0

AVG

Win32/Sality

2015.0.4489

ESET NOD32

Win32/Sality.NBA virus

7.0.302.0

F-Secure

Win32.Sality.3

5.15.21

Kaspersky

Virus.Win32.Sality

15.0.0.562

Norman

Win32.Sality.3

03.02.2016 07:38:05

Sophos

Virus 'Mal/Sality-D'

5.23

VIPRE Antivirus

Threat.4721115

47086

File size:

598.5 KB (612,830 bytes)

Product version:

1.6

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\installer.exe

File PE Metadata

Compilation timestamp:

6/20/1992 3:52:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:JPS7P2feZGgCYE3J5zG+umLGPF8a3AWRl7q3C8pJth:JPSL2mZGgCYuJ5zfZLGia3A8l7uh

Entry address:

0xA5F8

Entry point:

60, 88, F3, 0F, CA, 80, DB, 0C, 80, EB, 52, 0F, B7, D7, B4, B4, 0F, AC, DB, D0, 0F, B3, ED, 4A, 8D, 15, 12, 6A, C1, 7F, 86, D4, 87, F5, C6, C4, 2D, 0B, F8, BD, 69, 79, A5, 6A, 0F, AF, C5, 0F, B3, EA, BE, D3, D2, 0A, 00, 4F, 81, F6, 90, D2, 0B, 00, 0F, A4, F8, 6D, 0F, BD, ED, 0F, BA, E7, 92, D3, C7, 8B, ED, F6, D0, 89, FF, 56, 69, D7, 48, 22, 2F, 66, FF, C0, 5D, EB, 09, 0F, AD, CF, 81, D0, F3, C7, 86, A9, 0F, C0, E6, 83, E3, 00, F7, D7, 8B, DD, C0, DC, 06, 0F, BA, E7, 1C, 89, F0, EB, 04, 0F, A4, F8, 35, 81... 
[+]

Entropy:

7.8156 (probably packed)

Code size:

39.5 KB (40,448 bytes)

The file installer.exe has been seen being distributed by the following URL.

http://www.towncapitaltown.com/.../installer.exe

Remove installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.