installer.exe

The executable installer.exe has been detected as malware by 10 anti-virus scanners. It is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.headsignflash.com.
MD5: 2e290281401d3e3cebe9ddc2be27cbd1
SHA-1: 957d85031c42f1d2a434ede7152b03e07a8c0245
SHA-256: a29a9c74e672368ed3e2d325e09e32281ffd19a6c71e7415eb47d93666c132c1

Scanner detections: 10 / 68
Status: Malware
Analysis date: 12/28/2024 8:34:38 AM UTC

Scan engine                    Detection                 Engine version
avast!                         Win32:Sality              160518-2
AVG                            Win32/Sality              2015.0.4568
Dr.Web                         Win32.Sector.30           9.0.1.05190
Emsisoft Anti-Malware          Win32.Sality              11.5.0.6191
ESET NOD32                     Win32/Sality.NBA virus    8.0.319.0
F-Prot                         W32/Sality.gen2           4.6.5.141
Kaspersky                      Virus.Win32.Sality        15.0.0.562
Microsoft Security Essentials  Threat.Undefined          1.223.1964.0
Norman                         Win32.Sality.3            28.05.2016 13:03:37
VIPRE Antivirus                Threat.4721115            49720

File size: 284 KB (290,816 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp: 1/26/2016 5:38:10 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 7.10
CTPH (ssdeep): 6144:UtCopHKMGzQxXgcCjTDROFX4duPPSf3r5OQCGVAxG1x:YCXFzQCcCj/dduPKftCGVAxGj
Entry address: 0x29221
Entry point (first bytes): 0F, AF, CD, F2, FF, C7, 89, FE, B7, F0, B5, CE, 4B, FF, C3, 89, DB, 35, D1, 2C, 00, 00, FE, CB, 0F, B6, C1, 23, EA, FF, C6, 0F, BF, DA, 8B, C9, 68, 3E, B6, EE, 00, 0F, AF, F9, E8, 00, 00, 00, 00, 0F, B6, D1, 45, 4E, F7, C3, 5D, 55, E3, E7, 8D, 2D, 1C, C1, 8F, 93, 4F, 86, EA, 69, CF, 66, 36, 38, 2B, 46, BD, 98, 6F, 00, 00, 48, 81, F5, 06, 74, 00, 00, B5, A1, 87, C6, 81, C5, 76, 3C, 00, 00, 69, C0, 1C, 37, F6, 10, 04, AD, 03, DD, 75, 08, F7, C7, EF, 42, F4, 8B, 88, C0, 5A, 8D, 1D, 44, 7E, 9E, 9A, 8D, 1D, 3E...

Entropy: 7.6474
Code size: 188 KB (192,512 bytes)

The file installer.exe has been seen being distributed by the following URL.

Powered by Reason Core Security