installer.exe

The application installer.exe has been detected as a potentially unwanted program by 23 anti-malware scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from www.centralupdateapp.com.
MD5:
ca38ca7c50d215f4234947b83b450d33

SHA-1:
1f6d2278908528c3a411d7d635f2c2853f3dab4c

SHA-256:
7c1cd45680f91808191296dfe3ccdfe12d68587daaf3b28f7b038b69ec985556

Scanner detections:
23 / 68

Status:
Potentially unwanted

Analysis date:
12/28/2024 9:00:06 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.71
348

Agnitum Outpost
PUA.DealPly
7.1.1

Avira AntiVirus
ADWARE/DealPly.487424.16
8.3.2.4

Arcabit
Trojan.Application.Bundler.71
1.0.0.646

AVG
Downloader.Swizzor
2017.0.2826

Bitdefender
Gen:Variant.Application.Bundler.71
1.0.20.260

Bkav FE
HW32.Packed
1.3.0.7400

ESET NOD32
Win32/FusionCore.E potentially unwanted (variant)
10.12907

Fortinet FortiGate
Riskware/FusionCore
2/21/2016

F-Secure
Gen:Variant.Application.Bundler
11.2016-21-02_1

G Data
Gen:Variant.Application.Bundler.71
16.2.25

K7 AntiVirus
Adware
13.212.18499

Kaspersky
not-a-virus:AdWare.Win32.DealPly
14.0.0.626

McAfee
RDN/Swizzor.gen
5600.6482

MicroWorld eScan
Gen:Variant.Application.Bundler.71
17.0.0.156

NANO AntiVirus
Riskware.Win32.DealPly.dzppfh
1.0.14.5380

Panda Antivirus
Trj/Swizzor.S
16.02.21.06

Qihoo 360 Security
HEUR/QVM08.0.Malware.Gen
1.0.0.1077

Rising Antivirus
PE:Malware.XPACK-HIE/Heur!1.9C48 [F]
23.00.65.16219

Sophos
Generic PUA BP (PUA)
4.98

Trend Micro
TROJ_GEN.R00XC0PAJ16
10.465.21

VIPRE Antivirus
Trojan.Win32.Generic
46668

Zillya! Antivirus
Worm.WBNA.Win32.382958
2.0.0.2625

File size:
476 KB (487,424 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
1/11/2016 11:28:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:zLW2mobIr9/zAX9+Y/9B54xH5urx3afHPOKF4mSDNu:fnPEp8NtR4xZu1ybF4mh

Entry address:
0x6AB15

Entry point:
6A, 60, 68, 50, 11, 47, 00, E8, 33, 15, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, 83, 16, 00, 00, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 24, 10, 47, 00, 8B, 4E, 10, 89, 0D, 38, 3C, 47, 00, 8B, 46, 04, A3, 44, 3C, 47, 00, 8B, 56, 08, 89, 15, 48, 3C, 47, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 3C, 3C, 47, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 3C, 3C, 47, 00, C1, E0, 08, 03, C2, A3, 40, 3C, 47, 00, 33, F6, 56, 8B, 3D, 18, 10, 47, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
448 KB (458,752 bytes)

The file installer.exe has been seen being distributed by the following URL.

Remove installer.exe - Powered by Reason Core Security