installer.exe

The application installer.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from www.towersoftwarenew.com and multiple other hosts.
MD5:
ef43550dbbd5c95365f13ff1dc1696be

SHA-1:
52496ad5be241d0a54f2b04171521b85485c92a0

SHA-256:
1bfb6b5abc1a1135f9e5771cd00ef4ff3258f5c56b0d2d9a4a55900e04ced384

Scanner detections:
22 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 11:47:18 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Symmi.59817
368

AegisLab AV Signature
Gen.Variant.Mikey!c
2.1.4+

Agnitum Outpost
PUA.DealPly
7.1.1

Arcabit
Trojan.Symmi.DE9A9
1.0.0.646

AVG
Generic37
2017.0.2846

Bitdefender
Gen:Variant.Symmi.59817
1.0.20.160

Bkav FE
HW32.Packed
1.3.0.7400

Emsisoft Anti-Malware
Gen:Variant.Adware.Symmi.59817
10.0.0.5366

Fortinet FortiGate
Adware/DealPly
2/1/2016

F-Secure
Variant.Adware.Symmi
5.15.21

G Data
Gen:Variant.Symmi.59817
16.2.25

K7 AntiVirus
Riskware
13.213.18582

Kaspersky
not-a-virus:AdWare.Win32.DealPly
15.0.0.562

McAfee
Trojan.Artemis!EF43550DBBD5
18.0.204.0

MicroWorld eScan
Gen:Variant.Symmi.59817
17.0.0.96

Norman
Gen:Variant.Adware.Symmi.59817
18.01.2016 17:20:53

Panda Antivirus
Trj/Swizzor.S
16.02.01.10

Qihoo 360 Security
HEUR/QVM08.0.Malware.Gen
1.0.0.1077

Rising Antivirus
PE:Malware.XPACK-HIE/Heur!1.9C48 [F]
23.00.65.16130

Trend Micro
TROJ_GEN.R02KC0EAO16
10.465.01

VIPRE Antivirus
Threat.4150696
46838

Zillya! Antivirus
Worm.WBNA.Win32.390464
2.0.0.2640

File size:
440 KB (450,560 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
1/16/2016 1:11:44 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:1SRnDTBCpfS/9Sn0jkLK/49YvTpK3B87Rt6o:1Gn+S9SmlppKR6

Entry address:
0x61F76

Entry point:
6A, 60, 68, 90, 91, 46, 00, E8, 32, 15, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, 82, 16, 00, 00, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 24, 90, 46, 00, 8B, 4E, 10, 89, 0D, 38, BC, 46, 00, 8B, 46, 04, A3, 44, BC, 46, 00, 8B, 56, 08, 89, 15, 48, BC, 46, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 3C, BC, 46, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 3C, BC, 46, 00, C1, E0, 08, 03, C2, A3, 40, BC, 46, 00, 33, F6, 56, 8B, 3D, 18, 90, 46, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
416 KB (425,984 bytes)

The file installer.exe has been seen being distributed by the following 2 URLs.

Remove installer.exe - Powered by Reason Core Security