installer.exe

The executable installer.exe has been detected as malware by 8 anti-virus scanners. It is a setup and installation application, but the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.bitstourhosting.com.
MD5: f4e55db2270958fc6d8b6588b5d29884
SHA-1: 9f9dabcb2490f1ee6c5277cde38a0acf6dfa7a63
SHA-256: 2dd0e66b3d7d68d49bc78d32626ad5f878c857ed9f5bf601306d24b746c15eae
Scanner detections: 8 / 68
Status: Malware
Analysis date: 12/28/2024 8:38:56 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Kukacka | 160118-1
Dr.Web | Win32.Sector.5 | 9.0.1.05190
ESET NOD32 | Win32/Sality.NAR virus | 7.0.302.0
Kaspersky | Virus.Win32.Sality | 15.0.0.562
McAfee | Trojan.Artemis!EC68219F5184 | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.213.5308.0
Norman | Win32.Sality.OG | 18.01.2016 17:20:53
VIPRE Antivirus | Threat.416209 | 46838

File size: 266.5 KB (272,896 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\Documents and Settings\{user}\My documents\downloads\installer.exe

File PE Metadata
Compilation timestamp: 1/27/2016 7:53:12 PM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 10.0
CTPH (ssdeep): 3072:9r+Rg/73ZhHPfhAcWLiaSFqB3phHvUqyV2heQ6qC88oVuvfHx+L/iQ1exZhscPB2:N++fvpnNlsB3PH1hejE8hXHULjSsckXN
Entry address: 0x23CF8
Entry point: 60, 31, C9, EB, 01, E9, 0F, AF, C3, 89, EE, 51, 0F, C1, F1, 0F, AD, FD, 0F, A5, D3, 5B, C1, E1, 1C, F7, C0, 5D, AC, BF, 86, F7, D1, 6A, 00, FF, 15, 14, C0, 42, 00, E8, 00, 00, 00, 00, 29, E9, BE, FD, CC, 5F, A6, 0F, AB, C1, 0F, BA, FF, EC, 59, 81, C1, 62, 36, 00, 00, F2, C1, D0, 9F, FE, C8, 81, C1, 22, F7, 00, 00, 0F, AF, FE, 0F, CF, 11, E8, 81, E9, AA, 1A, 00, 00, 11, E8, 0F, BA, FF, 7F, 0F, A3, D8, 51, 81, C1, E5, 08, 00, 00, 13, C5, F7, D0, 47, 81, C1, 22, 09, 00, 00, 0F, BC, FE, 0F, BA, FF, 5F, 48, 81...

Entropy: 7.6877
Code size: 170.5 KB (174,592 bytes)

The file installer.exe has been seen being distributed by the following URL.

Remove installer.exe - Powered by Reason Core Security