installer.exe

ReSoft LTD.

The application installer.exe by ReSoft has been detected as adware by 8 anti-malware scanners. It is a setup and installation program that has been known to bundle potentially unwanted software, and it is typically executed from the user's temporary directory. The file has been observed being downloaded from cdn.airdlr7.com and multiple other hosts.
Publisher:
ReSoft LTD.  (signed and verified)

MD5:
b4d6a36734e34e8a8a82b72c6ac6bc17

SHA-1:
7a0e1b97892e6f9a9e4b9ea6899edcb5e35bc383

SHA-256:
2090b50dbdd19284ba3e141d68224919092d0e603731c053c86749101b3ac11a

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
12/25/2024 12:33:05 AM UTC

Scan engine             Detection                                Engine version
AegisLab AV Signature   Troj.W32.Inject                          2.1.4+
avast!                  Win32:Malware-gen                        2014.9-141102
AVG                     Trojan horse Dropper.Agent               2015.0.3303
Baidu Antivirus         Trojan.Win32.MsiDrop                     4.0.3.14112
ESET NOD32              Win32/TrojanDropper.MsiDrop (variant)    8.10647
IKARUS anti.virus       PUA.Linkury                              t3scan.1.7.5.0
Reason Heuristics       PUP.ReSoft.J                             14.8.29.1
Zillya! Antivirus       Dropper.MsiDrop.Win32.1                  2.0.0.1973

File size:
10 MB (10,489,376 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\installer.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/31/2013 5:00:00 PM

Valid to:
8/1/2015 4:59:59 PM

Subject:
CN=ReSoft LTD., O=ReSoft LTD., STREET=4th Hanevi'im, L=Tel Aviv, S=Israel, PostalCode=64356, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
51FA31336CEC649121E9A908289950D2

File PE Metadata
Compilation timestamp:
8/27/2014 6:18:19 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:Ogbv1lgqAjq18xTZCj7Sp2Q+Pa2FcZqLWij7DFt/17dBeJeTKpNnD368vS:dl0o8xTZCjYESycsLWEdtleJIKpNnu8K

Entry address:
0xB01F

Entry point:
E8, 92, 5E, 00, 00, E9, 95, FE, FF, FF, FF, 35, 80, 21, 42, 4F, FF, 15, 88, 90, 41, 4F, 85, C0, 74, 02, FF, D0, 6A, 19, E8, 77, 3E, 00, 00, 6A, 01, 6A, 00, E8, 70, 2E, 00, 00, 83, C4, 0C, E9, 35, 2E, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83...

Entropy:
7.9988  (probably packed)

Code size:
95 KB (97,280 bytes)

The file installer.exe has been observed being distributed from the following 2 URLs.

Remove installer.exe - Powered by Reason Core Security