» installer.exe
Overview
Analysis
File Details
Downloads (1)

installer.exe

The application installer.exe has been detected as a potentially unwanted program by 23 anti-malware scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from www.centralupdateapp.com.

File name:

installer.exe

MD5:

ca38ca7c50d215f4234947b83b450d33

SHA-1:

1f6d2278908528c3a411d7d635f2c2853f3dab4c

SHA-256:

7c1cd45680f91808191296dfe3ccdfe12d68587daaf3b28f7b038b69ec985556

Scanner detections:

23 / 68

Status:

Potentially unwanted

Analysis date:

11/8/2024 5:08:31 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Bundler.71

348

Agnitum Outpost

PUA.DealPly

7.1.1

Avira AntiVirus

ADWARE/DealPly.487424.16

8.3.2.4

Arcabit

Trojan.Application.Bundler.71

1.0.0.646

AVG

Downloader.Swizzor

2017.0.2826

Bitdefender

Gen:Variant.Application.Bundler.71

1.0.20.260

Bkav FE

HW32.Packed

1.3.0.7400

ESET NOD32

Win32/FusionCore.E potentially unwanted (variant)

10.12907

Fortinet FortiGate

Riskware/FusionCore

2/21/2016

F-Secure

Gen:Variant.Application.Bundler

11.2016-21-02_1

G Data

Gen:Variant.Application.Bundler.71

16.2.25

K7 AntiVirus

Adware

13.212.18499

Kaspersky

not-a-virus:AdWare.Win32.DealPly

14.0.0.626

McAfee

RDN/Swizzor.gen

5600.6482

MicroWorld eScan

Gen:Variant.Application.Bundler.71

17.0.0.156

NANO AntiVirus

Riskware.Win32.DealPly.dzppfh

1.0.14.5380

Panda Antivirus

Trj/Swizzor.S

16.02.21.06

Qihoo 360 Security

HEUR/QVM08.0.Malware.Gen

1.0.0.1077

Rising Antivirus

PE:Malware.XPACK-HIE/Heur!1.9C48 [F]

23.00.65.16219

Sophos

Generic PUA BP (PUA)

4.98

Trend Micro

TROJ_GEN.R00XC0PAJ16

10.465.21

VIPRE Antivirus

Trojan.Win32.Generic

46668

Zillya! Antivirus

Worm.WBNA.Win32.382958

2.0.0.2625

File size:

476 KB (487,424 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\installer.exe

File PE Metadata

Compilation timestamp:

1/11/2016 11:28:02 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.10

CTPH (ssdeep):

12288:zLW2mobIr9/zAX9+Y/9B54xH5urx3afHPOKF4mSDNu:fnPEp8NtR4xZu1ybF4mh

Entry address:

0x6AB15

Entry point:

6A, 60, 68, 50, 11, 47, 00, E8, 33, 15, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, 83, 16, 00, 00, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 24, 10, 47, 00, 8B, 4E, 10, 89, 0D, 38, 3C, 47, 00, 8B, 46, 04, A3, 44, 3C, 47, 00, 8B, 56, 08, 89, 15, 48, 3C, 47, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 3C, 3C, 47, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 3C, 3C, 47, 00, C1, E0, 08, 03, C2, A3, 40, 3C, 47, 00, 33, F6, 56, 8B, 3D, 18, 10, 47, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03... 
[+]

Developed / compiled with:

Microsoft Visual C++ v7.0

Code size:

448 KB (458,752 bytes)

The file installer.exe has been seen being distributed by the following URL.

http://www.centralupdateapp.com/.../installer.exe

Remove installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.