installer.exe

The executable installer.exe has been detected as malware by 8 anti-virus scanners. The file has been seen being downloaded from www.bundletourstag.com.

MD5: 3ebf4382a21676861dc4c2af83719985
SHA-1: a20695959b9bdc31c9a9bd1a469880e180ff6cf1
SHA-256: ad927412bced30fdda966ea1ab6c91a8bb88d7ae634c162a9841643ea6508934

Scanner detections: 8 / 68
Status: Malware
Analysis date: 12/28/2024 8:06:39 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Sality | 160126-1 |
| AVG | Win32/Sality | 2015.0.4477 |
| Emsisoft Anti-Malware | Win32.Sality | 10.0.0.5366 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| McAfee | Trojan.Artemis!6A816A8BAABB | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.5468.0 |
| Norman | Win32.Sality.3 | 03.12.2014 13:20:04 |
| VIPRE Antivirus | Threat.4758034 | 46938 |

File size: 516 KB (528,384 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\downloads\installer.exe

File PE Metadata

Compilation timestamp: 1/12/2016 9:23:27 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 7.10
CTPH (ssdeep): 12288:CLtDH2SIUtKmTpVQ3IUIxzfayQU9FfgCrANYvA2zt:iH8mFAixayQehuYI2J
Entry address: 0x651D9
Entry point: C7, C2, 95, C6, D3, 91, 89, F0, 81, C3, 89, EF, 53, 48, EB, 03, 0F, BE, DA, 81, FD, FF, 9E, 00, 00, 73, 02, 3C, A4, BD, 43, E2, 00, 00, 8B, C6, 81, F5, 36, 55, 00, 00, 88, C4, 0F, BF, C2, E8, 1E, 00, 00, 00, 72, 02, 85, CE, 45, 70, 01, 43, 8D, 2D, BF, 14, 00, 00, F7, DB, 81, C5, 29, 6C, 00, 00, 33, FD, 69, C5, 87, 51, AE, AF, FE, CA, B3, 94, 86, CA, 8D, 35, AA, 78, F1, FF, 81, C6, EC, 02, 0F, 00, F6, D9, 2B, C6, 5F, 0F, 6E, D7, 0F, 7E, D6, BD, 89, B1, 9F, 59, F7, C7, 3D, F7, 0F, 02, 34, 56, 68, 0C, 01, 00...

Entropy: 7.1961
Code size: 428 KB (438,272 bytes)

The file installer.exe has been seen being distributed by the following URL.
