installer.exe

The executable installer.exe has been detected as malware by 10 of 68 anti-virus scanners. It is a self-extracting archive and installer, but the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.bestbulkclear.com. Note that the detection names below (Win32/Virut, Win32.Virtob, W32/Sality) are names of polymorphic file infectors, not of the installer itself: a detection of this kind on an installer usually means a legitimate installer was infected on the machine that built or hosted it. The whole-file entropy of 7.7 and an entry address (0x521EB) well beyond the 299,008-byte (0x49000) code size are consistent with an infector body appended to the original executable. A machine that has run this file should be treated as infected, and anything else obtained from the same source re-scanned.
MD5:
ab40575a5c32f33598af023baa1434e9

SHA-1:
888f19057855942cc04eb81e505600f933309c4b

SHA-256:
99e822e134cf849399642d444c030a198433ea247cf3cbf74c4bc959a543c706

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
11/7/2024 10:42:21 PM UTC

Scan engine                     Detection                   Engine version
avast!                          Win32:Vitro                 160326-0
Dr.Web                          Win32.Virut.56              9.0.1.05190
Emsisoft Anti-Malware           Win32.Virtob.Gen.12         11.5.0.6191
ESET NOD32                      Win32/Virut.NBP virus       8.0.319.0
F-Prot                          W32/Sality.D.gen            4.6.5.141
Kaspersky                       Virus.Win32.Virut           15.0.0.562
McAfee                          Virus.W32/Virut.n.gen       18.0.204.0
Microsoft Security Essentials   Threat.Undefined            1.217.300.0
Norman                          Win32.Virtob.Gen.12         29.03.2016 06:29:16
VIPRE Antivirus                 Threat.4120919              48090

File size:
352 KB (360,448 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
5/17/2008 8:49:16 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:2SR9t3sMrah80UDFyns3BumcPu/l6mr8UQB3ndXWT1LnZrEaArsC8kXtu4pKCBpA:5ah+DF/wPal6mrc3dXg17cF86tlfUJJV

Entry address:
0x521EB

Entry point:
83, 3C, 24, FF, 0F, 84, FA, FF, FF, FF, 8D, 64, 24, D0, 60, 8D, 64, 24, 24, E8, 42, 67, 00, 00, 8D, 7C, 24, FC, 87, 1F, 4B, 0F, B7, CB, E2, FE, 66, 8B, D9, FF, 73, 3C, 59, 81, E9, FE, FF, FF, 7F, 0F, 83, E7, FF, FF, FF, 81, D9, 91, 11, 00, 00, 71, DF, 86, E0, 86, F6, 8B, 8C, 19, 90, 11, 00, 80, 81, F1, 50, 45, 00, 00, 75, CC, 47, 24, B8, FC, 68, 22, 4E, 3A, E4, E8, 29, FF, FF, FF, 89, 74, 24, 44, E8, 20, 00, 00, 00, 89, 44, 24, 34, 83, E8, 04, E9, 2E, FF, FF, FF, 5E, 8B, 44, 24, F8, FF, E0, 8B, FE, 6A, 01...

Entropy:
7.7090  (probably packed)

Code size:
292 KB (299,008 bytes)
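As an added example (not part of this report and not Reason Core Security's tooling), the Python below performs the same kind of static triage on a PE file: file hashes, the header fields listed above (compile timestamp, linker version, OS version, subsystem), section layout, per-section and whole-file entropy, and two file-infector heuristics suggested by this report's own numbers. The entry address 0x521EB lies past the 0x49000 (299,008-byte) code size, and the entry-point bytes listed above contain `FF 73 3C / 59` (push dword [ebx+0x3C]; pop ecx, i.e. load e_lfanew) followed by `81 F1 50 45 00 00` (xor ecx, 0x00004550, "PE\0\0"), so the stub locates a PE header at runtime. The 7.0 entropy threshold, the constructed sample files and their section names are assumptions; the bytes placed at the constructed infected sample's entry point are copied verbatim from the report's entry-point listing.

```python
"""Static PE triage: hashes, header fields, entropy and file-infector heuristics.
Added example; standard library only (no pefile)."""
import datetime
import hashlib
import math
import random
import struct
from collections import Counter

PE_SIG = b"PE\x00\x00"       # 0x00004550 little-endian; the report's stub xors ecx with it
ENTROPY_PACKED = 7.0         # assumed threshold; the report calls 7.709 "probably packed"
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes

# Opening bytes of the entry point as listed in the report, one instruction per string.
REPORT_ENTRY_BYTES = bytes.fromhex("".join([
    "833C24FF", "0F84FAFFFFFF",             # cmp dword [esp], -1 ; je (to itself)
    "8D6424D0", "60", "8D642424", "E842670000", "8D7C24FC", "871F", "4B", "0FB7CB",
    "E2FE", "668BD9",                       # loop to itself ; mov bx, cx
    "FF733C", "59",                         # push dword [ebx+0x3C] ; pop ecx  (e_lfanew)
    "81E9FEFFFF7F", "0F83E7FFFFFF", "81D991110000", "71DF", "86E0", "86F6", "8B8C1990110080",
    "81F150450000", "75CC",                 # xor ecx, 0x4550 ("PE\0\0") ; jne back
]))


def shannon_entropy(data: bytes) -> float:
    """Byte entropy in bits: 0.0 for empty input, close to 8.0 for uniform random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(data: bytes) -> dict:
    """Read the PE32 header fields shown in the report; ValueError on non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]                    # e_lfanew
    if data[pe:pe + 4] != PE_SIG:
        raise ValueError("missing PE signature")
    _machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24                                                    # optional header
    _magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    entry, base_of_code = struct.unpack_from("<II", data, opt + 16)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]          # 2 = Windows GUI
    sections = []
    for i in range(nsect):
        name, vsize, va, raw_size, raw_ptr, *_ = struct.unpack_from(SECTION_FMT, data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\x00").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "raw_ptr": raw_ptr, "raw_size": raw_size})
    return {"compiled": datetime.datetime.fromtimestamp(ts, datetime.timezone.utc).isoformat(),
            "linker": f"{lnk_major}.{lnk_minor:02d}", "os_version": f"{os_major}.{os_minor}",
            "subsystem": subsystem, "size_of_code": size_of_code, "base_of_code": base_of_code,
            "entry": entry, "sections": sections}


def section_for_rva(pe: dict, rva: int):
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            return s
    return None


def triage(data: bytes) -> dict:
    """Hashes, header summary, entropy and infector heuristics for one file image."""
    pe = parse_pe(data)
    ep = section_for_rva(pe, pe["entry"])
    stub, body = b"", b""
    if ep is not None:
        body = data[ep["raw_ptr"]:ep["raw_ptr"] + ep["raw_size"]]
        stub = data[ep["raw_ptr"] + (pe["entry"] - ep["va"]):][:256]
    flags = []
    if ep is None or ep is not pe["sections"][0]:          # report: entry 0x521EB vs 0x49000 of code
        flags.append("entry point outside the first (code) section")
    if ep is not None and len(pe["sections"]) > 1 and ep is pe["sections"][-1]:
        flags.append("entry point in the last section")
    if PE_SIG in stub:                                      # xor ecx, 0x4550 in the report's stub
        flags.append("'PE\\0\\0' immediate in the entry stub (header walking)")
    if shannon_entropy(body) > ENTROPY_PACKED:
        flags.append("high entropy at the entry section (probably packed or encrypted)")
    return {"md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest(), "size": len(data),
            "file_entropy": round(shannon_entropy(data), 4),
            "entry_section": ep["name"] if ep is not None else None,
            "entry_section_entropy": round(shannon_entropy(body), 4), "flags": flags,
            **{k: pe[k] for k in ("compiled", "linker", "os_version", "subsystem", "entry")}}


def _align(n: int, a: int) -> int:
    return (n + a - 1) // a * a


def build_sample_pe(infected: bool) -> bytes:
    """Constructed test input, NOT the real installer.exe: a tiny PE32 with .text/.data.
    infected=True appends a 32 KiB pseudo-random section, points the entry into it and
    places the report's stub bytes at its start, mimicking an appended infector body."""
    file_align, sect_align = 0x200, 0x1000
    text = bytes.fromhex("558BEC33C05DC3").ljust(0x200, b"\x90")   # push ebp; ...; ret; nops
    data = b"installer sample data\x00".ljust(0x200, b"\x00")
    sections = [(b".text", text, 0x60000020), (b".data", data, 0xC0000040)]
    if infected:
        rng = random.Random(2024)
        blob = REPORT_ENTRY_BYTES + bytes(rng.getrandbits(8) for _ in range(0x8000 - len(REPORT_ENTRY_BYTES)))
        sections.append((b".rsrc", blob, 0xE0000020))
    hdr_size = _align(0x40 + 4 + 20 + 224 + 40 * len(sections), file_align)
    headers, bodies, vas, va, raw = [], [], [], sect_align, hdr_size
    for name, body, chars in sections:
        raw_size = _align(len(body), file_align)
        headers.append(struct.pack(SECTION_FMT, name.ljust(8, b"\x00"), len(body), va, raw_size, raw, 0, 0, 0, 0, chars))
        bodies.append(body.ljust(raw_size, b"\x00"))
        vas.append(va)
        va, raw = va + _align(len(body), sect_align), raw + raw_size
    entry = vas[-1] if infected else vas[0]
    dos = b"MZ".ljust(0x3C, b"\x00") + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 1211057356, 0, 0, 224, 0x0102)  # 2008-05-17 20:49:16 UTC
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      0x10B, 7, 10, len(text), len(data), 0, entry, vas[0], vas[1], 0x400000,
                      sect_align, file_align, 4, 0, 0, 0, 4, 0, 0, va, hdr_size, 0, 2, 0,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\x00" * 128   # 16 empty data dirs
    return (dos + PE_SIG + coff + opt + b"".join(headers)).ljust(hdr_size, b"\x00") + b"".join(bodies)


if __name__ == "__main__":
    for label in (False, True):
        print("infected" if label else "clean", triage(build_sample_pe(label)))
```

Run it on a real file with `triage(open(path, "rb").read())`. The heuristics are deliberately coarse: a legitimately packed installer also shows high entropy, and an unusual entry section alone is not a verdict, which is why the report pairs them with scanner results and the missing Authenticode signature.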

The file installer.exe has been seen being distributed from www.bestbulkclear.com.

Remove installer.exe - Powered by Reason Core Security