installer.exe

The executable installer.exe has been detected as malware by 9 anti-virus scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.bitscapitalbundle.com.

MD5: f80b3b263616007bdc7f95d4a49180b7

SHA-1: 87804b8235ab57903708067ff2237b3f8335309e

SHA-256: 54bea23263a37b3af422041f21f5849670e9c6b945ece6c393122a711626d17a

Scanner detections: 9 / 68

Status: File is infected by a Virus

Explanation: The file is infected by a polymorphic file infector virus.

Analysis date: 11/24/2024 10:21:08 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:SaliCode | 160215-2 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 11.5.0.6191 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| F-Secure | Win32.Sality.3 | 5.15.21 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| McAfee | Trojan.Artemis!0FD377857C5E | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.215.1919.0 |
| Norman | Win32.Sality.3 | 29.02.2016 05:46:54 |

File size: 572 KB (585,728 bytes)

File type: Executable application (Win32 EXE)

Common path: C:\users\{user}\downloads\installer.exe

File PE Metadata

Compilation timestamp: 1/14/2016 9:31:32 PM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 7.10

CTPH (ssdeep): 12288:mfu5C9zaPHZ1eZnLHES8wnmnM/eQ+J2Qii/fw9wZBR712e:Q0C9ybeZ+nMGQ+Ii/fwO78e

Entry address: 0x717E0

Entry point: 69, FB, A6, 08, 75, 8D, 87, E9, 68, 09, 68, D0, 00, 0F, AF, D9, 8A, F0, F7, C7, 17, A8, 99, B1, C7, C0, B4, 9F, E9, 1C, FF, CE, F2, 1C, A3, C6, C7, 7C, 1D, DF, 46, ED, E8, 69, C7, 12, E6, 40, 54, 0F, BE, CB, 81, CF, C9, 9D, BE, DA, E8, 62, 00, 00, 00, 86, D2, 3B, F3, 87, D1, 84, EF, B8, FC, 0A, 00, 00, 88, ED, F7, C1, 49, 09, 12, 20, 88, CD, 05, 4A, 05, 00, 00, 87, D7, 89, FB, 69, ED, 25, 64, 76, D8, 8B, D2, F2, BD, 87, 8C, 3F, F5, 8D, 15, FF, E7, FA, E6, 69, D8, 7C, CD, 43, B8, 2D, 0D, F7, FF, FF, 71, 02...

Entropy: 7.2257

Code size: 476 KB (487,424 bytes)

The file installer.exe has been seen being distributed by the following URL.

Remove installer.exe - Powered by Reason Core Security