installer.exe

The executable installer.exe has been detected as malware by 10 anti-virus scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from www.giftdownloadscycle.com.
MD5:
eaef6c3ae160d40dfd197d7fc45ccabf

SHA-1:
89137c9aec8b8bf96ac0af9824158e19b7da6422

SHA-256:
c6d35841e3b2e656fd5a12911a4ffc935f6d79b417a646681c8095b616a4b804

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
11/24/2024 1:57:49 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:RmnDrp
160204-3

AVG
Win32/Ramnit.A
2015.0.4477

Dr.Web
Trojan.Swizzor.19587
9.0.1.05190

Emsisoft Anti-Malware
Win32.Ramnit
10.0.0.5366

ESET NOD32
Win32/Ramnit.A virus
7.0.302.0

Kaspersky
Virus.Win32.Nimnul
15.0.0.562

McAfee
Program.Artemis!F2C31D1FAE70
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.213.5484.0

Norman
Win32.Ramnit
03.02.2016 07:38:05

VIPRE Antivirus
Threat.4726519
46908

File size:
260 KB (266,240 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
2/2/2016 10:45:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:/bwjDqMvnL9NFOeX09C7E3mIqGYjee86gUMxKcvajbAW7:/bwjGoLB7AC7E3mnGMPgFKCubA

Entry address:
0x33000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, 32, 6F, 01, 20, 2B, 85, 50, 72, 01, 20, 89, 85, 4C, 72, 01, 20, B0, 00, 86, 85, 9E, 74, 01, 20, 3C, 01, 0F, 85, DE, 02, 00, 00, 8B, 85, 4C, 72, 01, 20, 2B, 85, 58, 72, 01, 20, 8B, 00, 89, 85, EA, 73, 01, 20, 8B, 85, 4C, 72, 01, 20, 2B, 85, 5C, 72, 01, 20, 8B, 00, 89, 85, F2, 73, 01, 20, 83, BD, F2, 73, 01, 20, 00, 0F, 84, A9, 02, 00, 00, 83, BD, EA, 73, 01, 20, 00, 0F, 84, 9C, 02, 00, 00, 8D, 85, 8D, 74, 01, 20, 50, FF, 95, EA, 73, 01, 20, 83, F8, 00, 0F, 84, 86...
 
[+]

Entropy:
7.5101

Packer / compiler:
ASPack v1.08.04

Code size:
176 KB (180,224 bytes)

The file installer.exe has been seen being distributed by the following URL.

Remove installer.exe - Powered by Reason Core Security