installer.exe

The executable installer.exe has been detected as malware by 9 anti-virus scanners. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.hosttowerbest.com.
MD5:
b24537308429a490e52e025c0e1d1316

SHA-1:
9e0ed46aa017ae7586370c523d3d42687c4e99be

SHA-256:
7566be7ed0861f2a0905ee25d3eebe0409810bd1c46dc9d9f79b52a8bfe6c47d

Scanner detections:
9 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/27/2024 1:34:20 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Kukacka
160112-0

AVG
Win32/Sality
2015.0.4489

Dr.Web
Win32.Sector.30
9.0.1.05190

Emsisoft Anti-Malware
Win32.Sality
10.0.0.5366

ESET NOD32
Win32/Sality.NBA virus
7.0.302.0

Kaspersky
Virus.Win32.Sality
15.0.0.562

McAfee
Virus.W32/Sality.gen.z
18.0.204.0

Norman
Win32.Sality.3
11.01.2016 17:30:26

VIPRE Antivirus
Threat.4721115
46444

File size:
452 KB (462,848 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
1/12/2016 10:06:21 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:UBiPhoLa0IOfDfZuCHCRJSe5fQgpSUarw5d2XWVD:UQoLaLOfDoCHmS+fQhUx5d2GVD

Entry address:
0x5379F

Entry point:
60, F7, C6, D1, 01, E6, 50, 86, CB, 68, 9B, EE, 48, 00, 8A, E9, 86, DB, 81, FA, 11, 94, 00, 00, 73, 03, F3, 84, CA, 78, 09, 0F, AF, D2, 69, D6, F1, E6, D2, 91, EB, 0A, F6, C7, DC, BB, 30, 9B, CC, D3, 8A, D0, 76, 02, 84, DF, E8, 43, 00, 00, 00, 03, F7, 87, D6, 70, 01, 42, 3A, E4, EB, 03, 87, FE, F2, 33, D2, 0F, BE, CE, 8D, 2D, 04, 12, 58, E6, 8A, C2, 81, F2, E8, 42, 0F, 00, 73, 09, F3, FE, CC, 69, FE, FC, E1, 30, D5, 81, F2, 0E, B6, 00, 00, 8B, C1, 2B, DA, FF, C7, 86, ED, F6, C7, B8, 81, C3, 2D, B3, 0F, 00...
 
[+]

Entropy:
7.0081

Code size:
356 KB (364,544 bytes)

The file installer.exe has been seen being distributed by the following URL.

Remove installer.exe - Powered by Reason Core Security