installer.exe

Fonop

The executable installer.exe, “Fonop Setup”, has been detected as malware by 6 anti-virus scanners. The program is a setup application built with the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.applicationcitybinaries.com.
Product:
Fonop

Description:
Fonop Setup

Version:
5.5

MD5:
adc27609474e3aef3bd63f7f6f4104a3

SHA-1:
4ef65c527c7ec3345b2e2e898bf0c371efc85c40

SHA-256:
307338b967ab718eacf433490e27c0ad3fc9bb8ba7d9bea69ec44126b3aba843

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
11/24/2024 6:58:57 PM UTC

Scan engine                    Detection          Engine version
avast!                         Win32:Kukacka      160518-2
AVG                            Win32/Sality       2015.0.4604
Dr.Web                         Win32.Sector.21    9.0.1.05190
Emsisoft Anti-Malware          Win32.Sality       16.07.06
F-Prot                         W32/Sality.E.gen   4.6.5.141
Microsoft Security Essentials  Threat.Undefined   1.225.531.0

File size:
516 KB (528,396 bytes)

Product version:
5.5

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:uQiJMqXFTD6PnnnRdzflM2MPfvg0UUl42cATvxsZh6Qz7o:uQi6qXFTWfRdzfDMdlvcAb+Ho

Entry address:
0xA5F8

Entry point:
60, EB, 0A, 69, F7, 1F, 73, 85, B6, 22, DF, FF, CF, 68, D0, D9, 3D, 00, 68, 58, 4D, 21, 00, 2B, C7, 77, 04, 80, C7, 31, F2, 69, FB, A8, 0C, 9F, CB, 87, E9, 88, DF, 69, DB, AD, D4, 79, 1A, 81, C3, 42, AB, 39, CE, 3B, C2, 81, FE, 1E, 7A, 00, 00, 74, 0E, 85, EA, 69, DD, 25, 8B, 7C, 29, F7, C6, 15, D6, 8B, 2F, EB, 0B, 15, 44, 5B, 40, 3C, 8D, 35, 1C, FF, B5, 8C, B7, 10, 85, CF, 86, EA, 2D, 68, F8, 1A, 15, FF, C9, E8, 00, 00, 00, 00, 8A, C6, 0F, B7, E9, 46, 0F, AF, D0, 41, 12, DD, 81, FF, F5, 42, 00, 00, 59, 0F...

Entropy:
7.9431 (probably packed)

Code size:
39.5 KB (40,448 bytes)

The file installer.exe has been seen being distributed by the following URL.
