» installer.exe
Overview
Analysis
File Details
Downloads (1)

installer.exe

Program Web Lite

web

The executable installer.exe, “Program Web Lite Setup ” has been detected as malware by 8 anti-virus scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. Infected by the Parite virus, a polymorphic file infecting virus that infects all portable EXE and SCR files found on local and shared network drives. The file has been seen being downloaded from www.cleartodaydelivery.com.

File name:

installer.exe

Publisher:

web

Product:

Program Web Lite

Description:

Program Web Lite Setup

Version:

3.7.5.7

MD5:

79154d58b47e4c0750901392f0a605c5

SHA-1:

879d8015facd1da7d31af6de2f0a1a5da91b452a

SHA-256:

0b9c8436ce760a78ec4063b2c43b8546991868bead11e3e0b76682b127e9b638

Scanner detections:

8 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

11/24/2024 3:36:59 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Parite

160503-1

AVG

Win32/Parite

2015.0.4604

Emsisoft Anti-Malware

Win32.Parite

11.5.0.6191

ESET NOD32

Win32/Parite.B virus

8.0.319.0

F-Prot

W32/Parite.B

4.6.5.141

Kaspersky

Virus.Win32.Parite

15.0.0.562

Microsoft Security Essentials

Threat.Undefined

1.225.1226.0

Norman

Win32.Parite.B

19.05.2016 01:04:49

File size:

754 KB (772,056 bytes)

Product version:

4.5.9

File type:

Executable application (Win32 EXE)

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:whkk8/MmpA0ZuEoqqKu3ob7Goxfg64vvhbigu7tt6l2ErhO01SC9n92YvvMh8dcX:whk/0ATUEX8CKoxUugux2TrhbIC59V0b

Entry address:

0x17000

Entry point:

68, DC, C3, 6C, 00, 5B, 90, BA, 1E, 70, 41, 00, 90, 68, 98, 05, 00, 00, 5E, 90, 31, 1C, 32, 90, 83, EE, 03, 4E, 90, 75, F5, 90, 90, 90, 34, BE, 6D, 00, DC, C3, 6C, 00, DC, C3, 2C, 00, 9C, 5F, 6C, 00, 47, D2, 65, 00, 04, D4, 65, 00, DC, 73, 6E, 00, 23, 3C, 93, FF, 68, 13, 2C, 00, B8, 11, 2C, 00, A0, 11, 2C, 00, DC, C3, 6C, 00, DC, C3, 6C, 00, DC, C3, 6C, 00, 68, 5F, 6C, 00, BE, 11, 6C, 00, A6, 11, 6C, 00, DC, C3, 6C, 00, DC, C3, 6C, 00, DC, C3, 6C, 00, DC, C3, 6C, 00, C0, 12, 2C, 00, DC, C3, 6C, 00, DC, C3... 
[+]

Code size:

37 KB (37,888 bytes)

The file installer.exe has been seen being distributed by the following URL.

http://www.cleartodaydelivery.com/.../installer.exe

Remove installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.