installer.exe

The executable installer.exe has been detected as malware by 11 anti-virus scanners. It is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.cleannowclear.com.
MD5:
8d24b867441aea3ec4fc36f64822ccb0

SHA-1:
a358d09eb3f2ac1d44a0abd9e1509a290be1d861

SHA-256:
98140df7ecebb2da40d827dd3a448e4b2beb32c0820b66551b767f42d51c0409

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
11/24/2024 3:03:39 PM UTC

Scan engine                    Detection                 Engine version
avast!                         Win32:Kukacka             160203-1
AVG                            Win32/Tanatos.M           2015.0.4489
Dr.Web                         Win32.Sector.16           9.0.1.05190
Emsisoft Anti-Malware          Win32.Sality.OG           10.0.0.5366
ESET NOD32                     Win32/Sality.NAR virus    7.0.302.0
Kaspersky                      Virus.Win32.Sality        15.0.0.562
McAfee                         Virus.W32/Sality.gen      18.0.204.0
Microsoft Security Essentials  Threat.Undefined          1.213.5530.0
Norman                         Win32.Sality.OG           03.02.2016 07:38:05
Sophos                         Virus 'Mal/Sality-B'      5.23
VIPRE Antivirus                Threat.416209             46838

File size:
375.5 KB (384,512 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\installer.exe

File PE Metadata
Compilation timestamp:
2/5/2016 7:47:01 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:9vJdQ2wNkV/LD0GfPiv0VKheiREmmxg3CuTysdsO9lz7x8plLgfEv/9h:9TQ2wmLQGHitwiTmxCA8GlLgMv/D

Entry address:
0x3ED00

Entry point:
60, 29, C0, F7, C3, 6C, 7F, 46, F1, E8, 0A, 00, 00, 00, 19, 3A, FB, 74, AC, E3, 01, 4F, BB, F2, 6A, D5, 53, E8, 33, 04, 00, 00, 5A, 58, 59, 81, F8, 2B, 36, 00, 00, 0F, BC, DA, 71, 04, 03, C6, 85, EF, 81, C1, 7E, 37, 00, 00, 86, C3, 0F, BA, FF, BF, 0F, AC, D8, 0F, C0, F8, 5F, D2, F8, 81, C1, 74, CB, 00, 00, 69, FE, FF, C6, 71, 70, 8B, D9, F6, D8, C7, C0, EF, F6, E1, 20, 51, 8A, D0, 80, F8, 16, F6, D8, 48, 5B, 0F, BA, E0, 46, 88, F0, 80, F8, 66, 0F, BA, E0, 76, 53, 56, FF, C3, 69, DA, 01, C0, 83, 3A, EB, 01...

Entropy:
7.8587  (probably packed)

Code size:
284.5 KB (291,328 bytes)

The file installer.exe has been seen being distributed by the following URL.
