» installer.exe
Overview
Analysis
File Details
Downloads (2)

installer.exe

ProInstall Applications SRL

The application installer.exe by ProInstall Applications SRL has been detected as adware by 4 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from 113.171.224.174 and multiple other hosts.

File name:

installer.exe

Publisher:

ProInstall Applications SRL (signed and verified)

MD5:

2b7da7778033b9a313d7a29d1db59f12

SHA-1:

6c2ecc8def064c148806d5ed3707a8dbb41e5f53

SHA-256:

524ad99a8235f8d8edaff74c2d774faf5d5ae44db27bd426eba8a15231b0f4f4

Scanner detections:

4 / 68

Status:

Adware

Analysis date:

11/16/2024 9:28:14 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Adware.Downware.11256

9.0.1.0225

ESET NOD32

Win32/WinWrapper.E potentially unwanted (variant)

9.12042

Reason Heuristics

PUP.ProInstallApplicationsSRL (M)

15.7.15.18

VIPRE Antivirus

Spigot

42618

File size:

593.1 KB (607,368 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\installer.exe

Digital Signature

Signed by:

ProInstall Applications SRL

Authority:

COMODO CA Limited

Valid from:

12/30/2014 1:00:00 AM

Valid to:

12/31/2015 12:59:59 AM

Subject:

CN=ProInstall Applications SRL, OU=iops, O=ProInstall Applications SRL, STREET="Bd Decebal 25-29, Et 10", STREET=Spatiul 9.1 Camera A, L=Bucuresti, S=Sector 3, PostalCode=030964, C=RO

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00FECC76E020238D75DD6868F2328F702F

File PE Metadata

Compilation timestamp:

7/14/2015 4:04:21 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:4skDvUQgU3go81jdohRkyVnsxrl5hUa0WTsskrvcbbb6bbbblbbbnnla:4y92YP5hUaXTs1nla

Entry address:

0x3083F

Entry point:

E8, 95, DE, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, A0, D9, 45, 00, E8, 47, 0F, 00, 00, 33, F6, 89, 75, E4, 33, C0, 8B, 5D, 08, 3B, DE, 0F, 95, C0, 3B, C6, 75, 1C, E8, 69, 01, 00, 00, C7, 00, 16, 00, 00, 00, 56, 56, 56, 56, 56, E8, 40, E2, FF, FF, 83, C4, 14, 33, C0, EB, 7B, 33, C0, 8B, 7D, 0C, 3B, FE, 0F, 95, C0, 3B, C6, 74, D6, 33, C0, 66, 39, 37, 0F, 95, C0, 3B, C6, 74, CA, E8, 80, E1, 00, 00, 89, 45, 08, 3B, C6, 75, 0D, E8, 27, 01, 00, 00, C7, 00, 18, 00, 00, 00, EB, C9, 89, 75, FC, 66, 39, 33, 75, 20... 
[+]

Code size:

310 KB (317,440 bytes)

The file installer.exe has been seen being distributed by the following 2 URLs.

http://113.171.224.174/.../Installer.exe

http://www.report-download.com/advplatform/.../Installer.exe

Remove installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.