installer.exe

The executable installer.exe has been detected as malware by 12 of 68 anti-virus scanners. It presents itself as a setup and installation application, but the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point-obscuring polymorphic file infector (identified by most engines below as Sality) which builds a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.metacurrentquick.com.
MD5:
e88cc0dc58e933f91022c05a2a63c0e4

SHA-1:
503b3fc7467999ad374a0dfeb924b53b25b5aac8

SHA-256:
66012e713fb01d6c9ce352aa020497e0edfe588a3d2b0101db1715b73fc028b7

Scanner detections:
12 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/24/2024 6:25:13 PM UTC

Scan engine                     Detection                 Engine version
avast!                          Win32:SaliCode            160209-2
AVG                             Win32/Sality              2015.0.4522
Dr.Web                          Win32.Sector.30           9.0.1.05190
Emsisoft Anti-Malware           Win32.Sality              10.0.0.5366
ESET NOD32                      Win32/Sality.NBA virus    7.0.302.0
F-Prot                          W32/Sality.E.gen          4.6.5.141
F-Secure                        Win32.Sality.3            5.15.21
Kaspersky                       Virus.Win32.Sality        15.0.0.562
McAfee                          Trojan.RDN/Swizzor.gen    18.0.204.0
Microsoft Security Essentials   Threat.Undefined          1.213.5966.0
Norman                          Win32.Sality.3            03.12.2014 13:20:04
Sophos                          Virus 'Mal/Sality-D'      5.23

File size:
380 KB (389,120 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
2/5/2016 1:13:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:H1X1M2jRJccXCyjMj7lc9Dk9vK09NnNUtEF70nLxTr0KvafWMfzvNVduZ84GAUN+:H1lM0CuEZc9wF3Nngi0LF/EWS85a+

Entry address:
0x3F5B2

Entry point:
8D, 0D, 01, BE, DB, 77, 87, DE, 8B, C6, 0F, AF, C0, 35, C2, 15, 21, E7, 68, CB, 79, 34, 00, 68, 60, 73, 46, 00, FF, C8, 0F, AF, FA, F7, C3, EC, 69, 0B, BE, F7, C3, 4B, 4E, 3B, AC, C7, C6, 75, 21, EB, AA, 56, 03, F2, FF, CE, 0F, B6, DB, E8, 00, 00, 00, 00, 5B, 80, DC, 66, F3, 88, F8, 0F, B6, D2, 81, DD, 03, EC, 84, BA, C6, C6, F7, 0A, EE, B5, 22, 73, 02, 85, CA, 84, F7, BA, 2E, 2B, 29, 77, 0F, B6, CD, 3D, E6, 3B, 00, 00, EB, 09, 12, EB, B9, 28, 79, A5, 2B, 1A, D0, 80, D9, 50, B2, B5, 33, ED, 75, 0A, 8D, 3D...

Entropy:
7.7219  (probably packed)

Code size:
276 KB (282,624 bytes)
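The metadata fields above (hashes, compile timestamp, linker and OS version, subsystem, entry address and entry-point bytes, code size, the entropy-based "probably packed" verdict and the absence of an Authenticode signature) can all be re-derived from the sample itself. The script below is an added example, not part of the Reason Core Security report or its scanner: it parses a PE32 image with the Python standard library only, using the header offsets from the PE/COFF specification. The image it runs on is a constructed fixture (a minimal PE32 with one .text section, linker 7.10, OS version 4.0, GUI subsystem and the report's compile timestamp, filled with deterministic pseudo-random bytes to stand in for an encrypted polymorphic body); the 7.0 bits-per-byte cut-off for "probably packed" is an assumption.

```python
"""Added example (not the report's own code): re-derive scan-report PE metadata, stdlib only."""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
PACKED_THRESHOLD = 7.0   # assumed cut-off (bits per byte) for the "probably packed" verdict


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0); near 8 means compressed or encrypted."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(data: bytes) -> dict:
    """Pull the header fields a scan report lists from a PE32 image (offsets per PE/COFF spec)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                      # optional header follows the 20-byte COFF header
    magic, link_major, link_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (Win32) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # Data directory 4 (IMAGE_DIRECTORY_ENTRY_SECURITY) points at an embedded Authenticode
    # WIN_CERTIFICATE blob; size 0 means the file carries no embedded signature at all.
    _, security_size = struct.unpack_from("<II", data, opt + 96 + 4 * 8)

    sections, entry_off = [], None
    for i in range(nsections):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        ent = round(shannon_entropy(data[raw_ptr:raw_ptr + raw_size]), 4)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "entropy": ent, "probably_packed": ent > PACKED_THRESHOLD})
        if va <= entry_rva < va + max(vsize, raw_size):
            entry_off = raw_ptr + (entry_rva - va)   # RVA -> file offset inside this section
    if entry_off is None:
        raise ValueError("entry point lies outside every section")
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "compile_time": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "linker_version": f"{link_major}.{link_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "code_size": size_of_code,
        "entry_rva": entry_rva,
        "entry_file_offset": entry_off,
        "entry_bytes": data[entry_off:entry_off + 16].hex(" ").upper(),
        "has_authenticode_signature": security_size != 0,
        "file_entropy": round(shannon_entropy(data), 4),
        "sections": sections,
    }


def build_sample_pe(code: bytes, timestamp: int) -> bytes:
    """Constructed fixture: a minimal, non-runnable PE32 image with one .text section."""
    e_lfanew, headers_size, code_rva, file_align = 0x40, 0x200, 0x1000, 0x200
    raw_size = (len(code) + file_align - 1) // file_align * file_align
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x0102)  # i386, 1 section, PE32 opt hdr
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      0x10B, 7, 10,                        # PE32 magic, linker 7.10
                      raw_size, 0, 0, code_rva,            # SizeOfCode, data sizes, AddressOfEntryPoint
                      code_rva, code_rva + 0x1000, 0x400000, 0x1000, file_align,
                      4, 0, 0, 0, 4, 0,                    # OS version 4.0, image 0.0, subsystem 4.0
                      0, 0x2000, headers_size, 0,          # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0,                                # Subsystem 2 = Windows GUI, DllCharacteristics
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128  # stack/heap, 16 empty dirs
    section = struct.pack("<8sIIIIIIHHI", b".text", len(code), code_rva, raw_size, headers_size,
                          0, 0, 0, 0, 0x60000020)          # code | executable | readable
    header = dos + b"PE\0\0" + coff + opt + section
    return header.ljust(headers_size, b"\0") + code.ljust(raw_size, b"\0")


SAMPLE_TIMESTAMP = 1454677986   # 2016-02-05 13:13:06 UTC, the compile timestamp the report lists
# Entry stub "call $+5 / pop ebx" (E8 00 00 00 00 5B) then deterministic pseudo-random bytes
# standing in for an encrypted polymorphic body; 2560 bytes total (constructed, not real code).
SAMPLE_CODE = (b"\xe8\x00\x00\x00\x00\x5b" + b"".join(
    hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(80)))[:2560]
SAMPLE_PE = build_sample_pe(SAMPLE_CODE, SAMPLE_TIMESTAMP)
SAMPLE_REPORT = parse_pe(SAMPLE_PE)

if __name__ == "__main__":
    for key, value in SAMPLE_REPORT.items():
        print(f"{key}: {value}")
```

To run it against the real sample, call parse_pe(open("installer.exe", "rb").read()) inside an isolated analysis VM. Two caveats a practitioner should keep in mind: an empty security data directory only proves there is no embedded signature, since Windows also trusts files signed through a catalog, so confirm with signtool verify /pa or Get-AuthenticodeSignature before treating "unsigned" as "untrusted"; and per-section entropy is more telling than whole-file entropy, because zero-filled headers and alignment padding pull the whole-file figure down.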

The file installer.exe has been seen being distributed from www.metacurrentquick.com.

Powered by Reason Core Security