installer.exe

The executable installer.exe has been detected as malware by 12 anti-virus scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from www.bundletourstag.com.
MD5:
fc13ae61ed7022d2340e0bbdd54fb05f

SHA-1:
6467f41f7ca026d08b4b0c89afc8bac5a19f5402

SHA-256:
63e5f3c1b78eb729f4e065b88798fc01baff2ad2dc40a3c5fafeea983b41302c

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
12/28/2024 8:20:09 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Sality
160204-3

AVG
Win32/Sality
2015.0.4477

Dr.Web
Win32.Sector.30
9.0.1.05190

Emsisoft Anti-Malware
Win32.Sality
10.0.0.5366

ESET NOD32
Win32/Sality.NBA virus
7.0.302.0

F-Prot
W32/Virut.AI!Generic
4.6.5.141

Kaspersky
Virus.Win32.Sality
15.0.0.562

McAfee
Trojan.Artemis!6A816A8BAABB
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.213.5468.0

Norman
Win32.Sality.3
03.02.2016 07:38:05

Sophos
Virus 'Mal/Sality-D'
5.23

VIPRE Antivirus
Threat.4758034
46910

File size:
520 KB (532,480 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
1/12/2016 9:23:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:3LtDH2SIUtKmTpVQ3IUIxzfayQU9FfgCrVNYkESE:lH8mFAixayQehVYeE

Entry address:
0x651D9

Entry point:
EB, 08, 69, CB, DC, FB, 00, 48, 0F, C9, 89, FE, 0F, AF, E9, 8A, F9, E8, 46, 00, 00, 00, 0F, CD, FE, C5, 81, F9, 2A, FB, 00, 00, 78, 0C, 0F, C9, 1D, 2A, B3, 87, EA, B8, 96, DC, 24, 72, 8D, 05, A5, AB, 5B, D1, 8D, 1D, 59, CE, F5, FF, 70, 12, BA, 95, A4, 14, 94, BF, 58, 3F, 0F, DE, F7, C2, 4B, EF, 7E, AB, 28, FC, 81, C3, A6, 1C, 0B, 00, 2B, F3, 81, C6, 1C, 46, 00, 00, C6, C5, C7, 81, C7, FC, 76, 92, 07, 0F, BF, CA, 57, 25, 8C, 0E, F4, 19, 5D, C6, C6, 8F, 5F, 0F, 6E, E7, 78, 05, 4A, 28, F2, 39, F3, C7, C3, E4...
 
[+]

Entropy:
7.2085

Code size:
428 KB (438,272 bytes)

The file installer.exe has been seen being distributed by the following URL.

Remove installer.exe - Powered by Reason Core Security