installer.exe

Logerunate

Taseha

The executable installer.exe has been detected as malware by 11 anti-virus scanners. It is a setup and installation application, but the file is not signed with an Authenticode signature from a trusted source. It is infected by the Parite virus, a polymorphic file infector that infects all portable EXE and SCR files found on local and shared network drives. The file has been seen being downloaded from www.febwedne.com.
Publisher:
Taseha

Product:
Logerunate

Description:
Logerunate Setup

Version:
4.1.1.2

MD5:
49e8584374c477ff9c112da2711c9f44

SHA-1:
a90dba8c8deebd0a16258717a8246b0253720d53

SHA-256:
038713b92a76b2a66fcc8e55375929656c561556a46759fb0e48725254f94b00

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/8/2024 5:49:59 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Parite | 160215-2 |
| AVG | Win32/Parite | 2015.0.4530 |
| Dr.Web | Win32.Parite.2 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Parite | 11.5.0.6191 |
| ESET NOD32 | Win32/Parite.B virus | 8.0.319.0 |
| F-Prot | W32/Parite.B | 4.6.5.141 |
| F-Secure | Win32.Parite.B | 5.15.21 |
| Kaspersky | Virus.Win32.Parite | 15.0.0.562 |
| McAfee | Virus.W32/Pate.b | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.7480.0 |
| Norman | Win32.Parite.B | 29.02.2016 03:11:57 |

File size:
383 KB (392,152 bytes)

Copyright:
Lite Installer

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
12/16/2015 8:48:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:h1m9hzzQ21N3V3vqXBRqHh5rp/cyiBbwFGTJRn/vUGSpVJAPK6elXi/VF2XSuY8u:bk/N3hvqXBRqHh5N/cyiBbRTJpHUGkPM

Entry address:
0x3A000

Entry point:
90, 90, B9, 52, 42, BE, 02, 90, BF, 1E, A0, 43, 00, 68, 98, 05, 00, 00, 5E, 31, 0C, 3E, 90, 90, 83, EE, 04, 90, 90, 75, F4, 90, 90, 90, BA, 3F, BF, 02, 52, 42, BE, 02, 52, 42, FE, 02, 5F, 73, BE, 02, FA, 06, BD, 02, 8A, 09, BD, 02, 52, F2, BC, 02, 53, 42, BE, 02, 36, 32, FE, 02, 6C, 38, FE, 02, EA, 3B, FE, 02, 8E, 2B, BE, 02, 6E, 38, BE, 02, E4, 3B, BE, 02, 36, 26, BE, 02, 6E, 38, BE, 02, E4, 3B, BE, 02, 52, 42, BE, 02, 52, 42, BE, 02, 52, 42, BE, 02, 52, 42, BE, 02, 86, 32, FE, 02, 52, 42, BE, 02, 52, 42...
 

Code size:
24 KB (24,576 bytes)

The file installer.exe has been seen being distributed by the following URL.
