» installer.exe
Overview
Analysis
File Details
Downloads (5)

installer.exe

The application installer.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.appsflashdelivery.com and multiple other hosts.

File name:

installer.exe

MD5:

1742bbbced9c23a4485940827a1dfb16

SHA-1:

50f1c5766ad4dc27e14770f253cdb7cbef08c483

SHA-256:

4fc1cd4b79f988c01efd7d4ea37c5b2b11c1bdcee190e0407b207c75f8e93c31

Scanner detections:

16 / 68

Status:

Potentially unwanted

Analysis date:

11/24/2024 6:27:48 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.DealPly

7.1.1

Avira AntiVirus

GAME/Zylom.Gen5

7.11.30.172

Arcabit

Trojan.Application.Bundler.71

1.0.0.642

Bitdefender

Gen:Variant.Application.Bundler.71

1.0.20.95

Bkav FE

HW32.Packed

1.3.0.7400

Emsisoft Anti-Malware

Gen:Variant.Application.Bundler.71

10.0.0.5366

F-Secure

Gen:Variant.Application.Bundler

11.2016-19-01_3

G Data

Gen:Variant.Application.Bundler.71

16.1.25

Kaspersky

not-a-virus:AdWare.Win32.DealPly

15.0.0.562

McAfee

Artemis!1742BBBCED9C

5600.6516

MicroWorld eScan

Gen:Variant.Application.Bundler.71

17.0.0.57

Norman

Gen:Variant.Application.Bundler.71

11.01.2016 17:30:26

Panda Antivirus

Trj/Swizzor.S

16.01.19.02

Qihoo 360 Security

Win32/Trojan.ad3

1.0.0.1077

VIPRE Antivirus

Threat.4439742

46592

File size:

400 KB (409,600 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\installer.exe

File PE Metadata

Compilation timestamp:

1/14/2016 9:00:59 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.10

CTPH (ssdeep):

6144:GCF0KKlE/XV6J7Xze2ubTSrX/H6URU5l3M5hOn+Y/uBPhvMLQg:GC+lEYJ7XKPbTG6DfMTOV/eZvQH

Entry address:

0x58495

Entry point:

6A, 60, 68, 70, F1, 45, 00, E8, 33, 15, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, 83, 16, 00, 00, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 24, F0, 45, 00, 8B, 4E, 10, 89, 0D, 38, 1C, 46, 00, 8B, 46, 04, A3, 44, 1C, 46, 00, 8B, 56, 08, 89, 15, 48, 1C, 46, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 3C, 1C, 46, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 3C, 1C, 46, 00, C1, E0, 08, 03, C2, A3, 40, 1C, 46, 00, 33, F6, 56, 8B, 3D, 18, F0, 45, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03... 
[+]

Developed / compiled with:

Microsoft Visual C++ v7.0

Code size:

376 KB (385,024 bytes)

The file installer.exe has been seen being distributed by the following 5 URLs.

http://www.appsflashdelivery.com/.../installer.exe

http://leobells.blob.core.windows.net/.../installer.exe

http://www.sendheadvaults.com/.../installer.exe

http://www.bestconceptsfiles.com/.../installer.exe

http://www.packageclearheart.com/.../installer.exe

Remove installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.