installer.exe

The executable installer.exe has been detected as malware by 5 anti-virus scanners. The file has been seen being downloaded from www.tourssignfactory.com.
MD5:
5e10f53f962e998f00637f471cb4f52f

SHA-1:
81179428d53087cf48613d96fb55b5e7838d933a

SHA-256:
a5b59b0109025bb3513b11bb15bda67d482c3d94cc238c8eeec5779f8cdeb266

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
11/24/2024 5:53:37 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:FileInfector-A [Heur]
160708-3

ESET NOD32
Win32/Sality.NDR virus
8.0.319.0

F-Prot
W32/Virut.AI!Generic
4.6.5.141

Microsoft Security Essentials
Threat.Undefined
1.225.1478.0

Norman
Win32.Sality.4
28.05.2016 15:32:18

File size:
412 KB (421,888 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
1/11/2016 1:40:26 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:eJ2vGyy1wrOCzmSTvWmi/2jy4OTNZ9Ky0C:62uT1wrx37pxOv9KHC

Entry address:
0x48DA5

Entry point:
46, 69, D9, 25, C2, 78, 0B, 10, C2, 69, CE, 6E, 70, F8, E5, F7, C1, 74, 8C, 7B, 9D, 88, FB, 2B, C7, 0F, AF, D5, 4E, BD, 58, 1A, B7, DF, 8A, DF, 88, CB, 6A, 00, FF, 15, 1C, 00, 45, 00, 01, C5, 11, F1, FE, CD, E8, 17, 00, 00, 00, F6, C5, F9, 8B, F7, 0F, C9, 8B, F7, 8A, F5, 11, ED, 03, DE, C7, C7, 19, 9E, 44, 7E, 85, C8, 84, E3, 34, C2, 81, F5, 0E, 6D, 40, 36, F7, C0, ED, 9D, 26, AF, 69, D2, 5B, 05, BF, 49, 89, DD, 00, F3, F7, DD, C7, C5, 31, BE, 99, 01, FF, C5, 68, 09, 2A, 00, 00, 81, C5, 7E, 7E, 8D, 34, 85...
 
[+]

Entropy:
7.0979

Code size:
316 KB (323,584 bytes)

The file installer.exe has been seen being distributed by the following URL.

Remove installer.exe - Powered by Reason Core Security