» installer.exe
Overview
Analysis
File Details
Downloads (1)

installer.exe

The executable installer.exe has been detected as malware by 10 anti-virus scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from www.bestbulkclear.com.

File name:

installer.exe

MD5:

ab40575a5c32f33598af023baa1434e9

SHA-1:

888f19057855942cc04eb81e505600f933309c4b

SHA-256:

99e822e134cf849399642d444c030a198433ea247cf3cbf74c4bc959a543c706

Scanner detections:

10 / 68

Status:

Malware

Analysis date:

11/24/2024 5:58:53 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Vitro

160326-0

Dr.Web

Win32.Virut.56

9.0.1.05190

Emsisoft Anti-Malware

Win32.Virtob.Gen.12

11.5.0.6191

ESET NOD32

Win32/Virut.NBP virus

8.0.319.0

F-Prot

W32/Sality.D.gen

4.6.5.141

Kaspersky

Virus.Win32.Virut

15.0.0.562

McAfee

Virus.W32/Virut.n.gen

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.217.300.0

Norman

Win32.Virtob.Gen.12

29.03.2016 06:29:16

VIPRE Antivirus

Threat.4120919

48090

File size:

352 KB (360,448 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\installer.exe

File PE Metadata

Compilation timestamp:

5/17/2008 8:49:16 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.10

CTPH (ssdeep):

6144:2SR9t3sMrah80UDFyns3BumcPu/l6mr8UQB3ndXWT1LnZrEaArsC8kXtu4pKCBpA:5ah+DF/wPal6mrc3dXg17cF86tlfUJJV

Entry address:

0x521EB

Entry point:

83, 3C, 24, FF, 0F, 84, FA, FF, FF, FF, 8D, 64, 24, D0, 60, 8D, 64, 24, 24, E8, 42, 67, 00, 00, 8D, 7C, 24, FC, 87, 1F, 4B, 0F, B7, CB, E2, FE, 66, 8B, D9, FF, 73, 3C, 59, 81, E9, FE, FF, FF, 7F, 0F, 83, E7, FF, FF, FF, 81, D9, 91, 11, 00, 00, 71, DF, 86, E0, 86, F6, 8B, 8C, 19, 90, 11, 00, 80, 81, F1, 50, 45, 00, 00, 75, CC, 47, 24, B8, FC, 68, 22, 4E, 3A, E4, E8, 29, FF, FF, FF, 89, 74, 24, 44, E8, 20, 00, 00, 00, 89, 44, 24, 34, 83, E8, 04, E9, 2E, FF, FF, FF, 5E, 8B, 44, 24, F8, FF, E0, 8B, FE, 6A, 01... 
[+]

Entropy:

7.7090 (probably packed)

Code size:

292 KB (299,008 bytes)

The file installer.exe has been seen being distributed by the following URL.

http://www.bestbulkclear.com/.../installer.exe

Remove installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.