installer.exe

The application installer.exe has been detected as a potentially unwanted program by 2 of 68 anti-malware scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.townsoftwarebody.com and multiple other hosts.
MD5:
73b0b27bd7689b808fd927cc16752062

SHA-1:
93947361b25564eaba76d591cfb85edeff639228

SHA-256:
36c176141d95e5b4ad001a7a9c69b569aea485e096a708319a6e0b748478cc3c

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 12:46:08 AM UTC

Scan engine          Detection                 Engine version
avast!               Win32:Crypt-RXH [Trj]     160119-0
Reason Heuristics    Adware.Bundler (M)        16.6.21.15

File size:
336.5 KB (344,576 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\documents and settings\casa\meus documentos\downloads\installer.exe

File PE Metadata
Compilation timestamp:
2/3/2016 6:57:34 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:VNMSGh32f8b/UUZMxIc0OMd1fzXGGXOF5ovAkpy/h9RGYcVR:vMSGpqG/UUZMec0XPrXGGXOFJ04aP

Entry address:
0x47491

Entry point:
E8, 06, 22, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, FA, 1C, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 58, 37, 45, 00, 74, 12, 8B, 0D, 74, 36, 45, 00, 85, 48, 70, 75, 07, E8, 24, 2C, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 78, 35, 45, 00, 74, 16, 8B, 46, 08, 8B, 0D, 74, 36, 45, 00, 85, 48, 70, 75, 08, E8, 98, 24, 00, 00, 89, 46, 04, 8B, 46, 08, F6, 40, 70, 02, 75, 14, 83, 48, 70, 02, C6, 46, 0C, 01, EB, 0A...

Code size:
318.5 KB (326,144 bytes)
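Checking a downloaded copy against this report, as an added example that is not part of the original page: the script below hashes the file and compares it with the three digests listed above, then reads the same PE header fields the report shows (compilation timestamp, OS version, linker version, subsystem, entry address and the first entry-point bytes) straight from the raw bytes, and reports whether a security data directory (the slot an Authenticode blob lives in) is present. build_sample_pe() is a constructed minimal PE32 with header values borrowed from the report; it is not the real installer.exe, so the hash comparison is expected to fail on it. A non-empty security directory only says that a certificate blob is attached; whether it is valid and chains to a trusted publisher needs a real verifier such as signtool verify /pa or PowerShell's Get-AuthenticodeSignature.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Hashes copied from the report above; a downloaded sample is "this file" only if all three match.
REPORT_HASHES = {
    "md5": "73b0b27bd7689b808fd927cc16752062",
    "sha1": "93947361b25564eaba76d591cfb85edeff639228",
    "sha256": "36c176141d95e5b4ad001a7a9c69b569aea485e096a708319a6e0b748478cc3c",
}

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # data directory that points at the Authenticode blob
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    return {name: getattr(hashlib, name)(data).hexdigest() for name in ("md5", "sha1", "sha256")}


def hashes_match_report(data: bytes) -> bool:
    return file_hashes(data) == REPORT_HASHES


def parse_pe_metadata(data: bytes) -> dict:
    """Extract the header fields the report lists, straight from the raw bytes."""
    if data[:2] != IMAGE_DOS_SIGNATURE:
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, ..., SizeOfOptionalHeader, Characteristics
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    # IMAGE_OPTIONAL_HEADER: Magic, Major/MinorLinkerVersion, SizeOfCode, ..., AddressOfEntryPoint
    magic, lnk_major, lnk_minor, size_of_code, _, _, entry_rva = struct.unpack_from("<HBBIIII", data, opt)
    if magic == PE32_MAGIC:
        num_dirs, dirs_off = struct.unpack_from("<I", data, opt + 92)[0], opt + 96
    elif magic == PE32PLUS_MAGIC:
        num_dirs, dirs_off = struct.unpack_from("<I", data, opt + 108)[0], opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)   # same offset in PE32 and PE32+
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]

    # A non-zero security directory means a WIN_CERTIFICATE blob is attached. It says nothing
    # about whether that signature is valid or chains to a trusted publisher.
    sec_off = sec_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)

    # Walk the section table to turn the entry-point RVA into a file offset and read the bytes there.
    entry_bytes = b""
    sections = opt + opt_size
    for i in range(nsections):
        _, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sections + 40 * i)
        if va <= entry_rva < va + max(vsize, rawsize):
            off = entry_rva - va + rawptr
            entry_bytes = data[off:off + 16]
            break

    return {
        "machine": f"{machine:#x}",
        "compiled_utc": datetime.fromtimestamp(timestamp, timezone.utc).isoformat(),
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "bitness": "Win32" if magic == PE32_MAGIC else "Win64",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
        "code_size": size_of_code,
        "entry_rva": entry_rva,
        "entry_bytes": ", ".join(f"{b:02X}" for b in entry_bytes),
        "authenticode_present": bool(sec_off and sec_size),
    }


def build_sample_pe(signed: bool = False) -> bytes:
    """Constructed minimal PE32 for testing, NOT the real installer.exe: one .text section,
    header values borrowed from the report, optionally with a placeholder certificate blob."""
    ts = int(datetime(2016, 2, 3, 18, 57, 34, tzinfo=timezone.utc).timestamp())
    entry_rva, text_va, text_raw, text_size = 0x47491, 0x47000, 0x400, 0x1000
    file_len = text_raw + text_size
    dirs, cert = bytearray(16 * 8), b""
    if signed:
        cert = struct.pack("<IHH", 8, 0x200, 2)   # empty WIN_CERTIFICATE header: length, revision, PKCS#7 type
        struct.pack_into("<II", dirs, 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, file_len, len(cert))
    opt = struct.pack("<HBBIIII", PE32_MAGIC, 9, 0, text_size, 0, 0, entry_rva)
    opt += struct.pack("<IIIII", text_va, 0, 0x400000, 0x1000, 0x200)   # BaseOfCode/Data, ImageBase, alignments
    opt += struct.pack("<HHHHHHI", 5, 0, 0, 0, 5, 0, 0)                 # OS 5.0, image and subsystem versions
    opt += struct.pack("<III", text_va + text_size, text_raw, 0)         # SizeOfImage, SizeOfHeaders, CheckSum
    opt += struct.pack("<HH", 2, 0)                                      # Subsystem = Windows GUI
    opt += struct.pack("<IIIIII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)  # stack/heap, LoaderFlags, NumberOfRvaAndSizes
    opt += bytes(dirs)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, len(opt), 0x102)
    section = struct.pack("<8sIIIIIIHHI", b".text", text_size, text_va, text_size, text_raw, 0, 0, 0, 0, 0x60000020)
    headers = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + IMAGE_NT_SIGNATURE + coff + opt + section).ljust(text_raw, b"\0")
    text = bytearray(text_size)
    stub = bytes.fromhex("E806220000E978FEFFFF8BFF558BEC8B")  # first 16 entry-point bytes from the report
    text[entry_rva - text_va:entry_rva - text_va + len(stub)] = stub
    return headers + bytes(text) + cert


if __name__ == "__main__":
    sample = build_sample_pe()
    print("hashes match report:", hashes_match_report(sample))
    for key, value in parse_pe_metadata(sample).items():
        print(f"{key}: {value}")
```

To run it against a real download, replace build_sample_pe() with open(path, "rb").read(); hashes_match_report() then tells you whether you hold the exact sample the scanners flagged, and authenticode_present tells you whether there is even a signature to verify.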

The file installer.exe has been seen being distributed by the following 13 URLs.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ec2-52-45-150-52.compute-1.amazonaws.com  (52.45.150.52:80)

Powered by Reason Core Security