installer.exe

The application installer.exe has been detected by 12 of 68 anti-malware scanners. The file is a self-extracting archive and installer, but it does not carry an Authenticode signature from a trusted source (on Windows, `Get-AuthenticodeSignature installer.exe` shows the signature status). The status below reads "potentially unwanted", but the engine detections name the Sality family: an entry-point-obscuring polymorphic file infector that joins the infected host to a peer-to-peer botnet, from which it receives URLs of additional files to download. The file has been seen being downloaded from www.farmdownloadvaults.com.
MD5:
bf72835f44f38353f76dea2aaf36bc25

SHA-1:
aa0c9846fee85aa364b091769abf717c5c2fe323

SHA-256:
85821f38d7f807964728f273a4ea7d9f1e2f7f2bb03759cb341119c0a0eb869d

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
The file is infected by a polymorphic file infector virus. Because the infector rewrites its code on each infection, other infected executables on the same system will not share the hashes listed below; the detection names and the infector behaviour are the more useful indicators, and any host that ran this file should be treated as having other infected executables until a full scan says otherwise.

Analysis date:
11/24/2024 1:25:12 PM UTC

Scan engine                    Detection                       Engine version
avast!                         Win32:SaliCode                  160118-1
AVG                            Win32/Sality                    2015.0.4489
Dr.Web                         Win32.Sector.30                 9.0.1.05190
Emsisoft Anti-Malware          Win32.Sality                    10.0.0.5366
ESET NOD32                     Win32/Sality.NBA virus          7.0.302.0
F-Secure                       Win32.Sality.3                  5.15.21
Kaspersky                      Virus.Win32.Sality              15.0.0.562
McAfee                         Program.Artemis!038DA581F99C    18.0.204.0
Microsoft Security Essentials  Threat.Undefined                1.213.3386.0
Norman                         Win32.Sality.3                  11.01.2016 17:30:26
Sophos                         Virus 'Mal/Sality-D'            5.23
VIPRE Antivirus                Threat.4721115                  46446

File size:
516 KB (528,384 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
1/11/2016 3:40:47 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:hTipYLR8haqMJ/qE5DSxWwIGkbhWnQsbS/iS6U:UuGhMJ/qE5DSxMGkNMQi2nB

Entry address:
0x65517

Entry point:
F2, 55, 38, E8, 4F, 43, F2, EB, 04, F2, 89, C5, 43, 81, D9, AC, 65, 27, 26, 8D, 1D, D8, 80, FC, 3B, C6, C7, B1, 0D, 66, 13, 67, 83, E8, B9, 00, 00, 00, 8D, 1D, FC, E5, A5, 67, 0F, BE, CA, 00, E0, 85, F8, 75, 0C, 81, EB, F5, CB, C7, DB, 69, F6, 42, 51, 65, BD, FE, C8, 31, F8, EB, 09, 89, DD, 81, DF, 72, 7E, 55, A9, 47, 0F, BF, DF, 84, CA, 84, FF, F6, C6, 9A, B3, C0, 69, D8, F0, A5, 1C, F0, BE, 3B, BD, 0E, 00, 0F, B6, E8, 00, DB, 81, F6, 3A, 84, 0E, 00, 89, FB, FF, C3, 6B, FF, 00, 74, 06, 69, EF, 80, 45, 8B...

Entropy:
7.2206

Code size:
428 KB (438,272 bytes)
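The hashes, ssdeep value, entropy and entry-point bytes above are only useful if they can be checked against a file on disk. The following script is an added example written for this page; it is not Reason Core Security's code and not part of the original report. It recomputes the MD5/SHA-1/SHA-256 and the Shannon entropy of a file, walks the PE headers (DOS header, COFF header, optional header, section table) to map the entry-point RVA to a file offset, and compares the bytes found there with the entry-point listing in the report. With no argument it runs against a constructed, non-runnable PE32 fixture whose entry point carries the report's listed bytes; the fixture, the layout constants (entry at RVA 0x1010, one section at RVA 0x1000 backed by raw data at 0x200) and the function names are this example's own. ssdeep is not recomputed because it needs the non-standard ssdeep library; the standard library is enough for everything else.

```python
# Added example (not Reason Core Security's code): recompute this report's hashes
# and entropy and read the bytes at the PE entry point, so a file on disk can be
# compared with the indicators listed above. Standard library only.
import hashlib
import math
import struct
import sys
from collections import Counter

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "bf72835f44f38353f76dea2aaf36bc25",
    "sha1": "aa0c9846fee85aa364b091769abf717c5c2fe323",
    "sha256": "85821f38d7f807964728f273a4ea7d9f1e2f7f2bb03759cb341119c0a0eb869d",
}
REPORT_ENTRY_RVA = 0x65517
# Leading bytes of the report's entry-point listing (the report truncates it with "...").
REPORT_ENTRY_LISTING = ("F2, 55, 38, E8, 4F, 43, F2, EB, 04, F2, 89, C5, 43, 81, D9, AC, 65, 27, "
                        "26, 8D, 1D, D8, 80, FC, 3B, C6, C7, B1, 0D, 66, 13, 67, 83, E8, B9, 00, 00, 00...")


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of the raw bytes as lowercase hex, keyed like REPORT_HASHES."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant file, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_entry_listing(listing: str) -> bytes:
    """Turn the report's 'F2, 55, ...' listing into bytes, ignoring a trailing '...'."""
    tokens = (t.strip() for t in listing.replace("...", "").split(","))
    return bytes(int(t, 16) for t in tokens if t)


def pe_metadata(data: bytes) -> dict:
    """Linker version, subsystem and entry point (RVA and file offset) of a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    major, minor = struct.unpack_from("<BB", data, opt + 2)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # 2 = Windows GUI, 3 = console
    for i in range(num_sections):                         # map the RVA through the section table
        va, raw_size, raw_ptr = struct.unpack_from("<III", data, opt + size_opt + 40 * i + 12)
        if va <= entry_rva < va + raw_size:
            return {"linker_version": f"{major}.{minor}", "subsystem": subsystem,
                    "entry_rva": entry_rva, "entry_offset": raw_ptr + (entry_rva - va)}
    raise ValueError("entry RVA 0x%x lies in no section's raw data" % entry_rva)


def triage(data: bytes, listing: str = REPORT_ENTRY_LISTING) -> dict:
    """Compare a file's hashes, entropy and entry-point bytes with the report's values."""
    meta = pe_metadata(data)
    expected = parse_entry_listing(listing)
    off = meta["entry_offset"]
    meta.update({"hash_match": file_hashes(data) == REPORT_HASHES,
                 "entropy": round(shannon_entropy(data), 4),
                 "entry_rva_match": meta["entry_rva"] == REPORT_ENTRY_RVA,
                 "entry_bytes_match": data[off:off + len(expected)] == expected})
    return meta


def build_minimal_pe(entry_code: bytes) -> bytes:
    """Constructed fixture: a tiny, non-runnable PE32 with one section, entry at RVA 0x1010."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 7, 10)        # PE32 magic, linker 7.10
    struct.pack_into("<I", opt, 16, 0x1010)               # AddressOfEntryPoint
    struct.pack_into("<H", opt, 68, 2)                    # Subsystem: Windows GUI
    sect = b".text".ljust(8, b"\0") + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200)
    image = (dos + b"PE\0\0" + coff + opt + sect.ljust(40, b"\0")).ljust(0x200, b"\0")
    return bytes(image + (bytes(0x10) + entry_code).ljust(0x200, b"\0"))   # raw .text data


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sample = open(sys.argv[1], "rb").read()            # check a real file
    else:
        sample = build_minimal_pe(parse_entry_listing(REPORT_ENTRY_LISTING))
    for key, value in triage(sample).items():
        print(f"{key}: {value}")
```

Run it as `python triage.py C:\users\{user}\downloads\installer.exe` against a suspect file. A `hash_match` of True identifies this exact sample; a value near the report's 7.2206 bits per byte for `entropy` is consistent with polymorphic or packed code (plain compiled code usually sits well below 7), and `entry_bytes_match` together with `entry_rva_match` tells you whether the entry point still holds the listed bytes. Because the infector is polymorphic, a file that fails all three checks is not cleared; that is what the engine detections are for.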

The file installer.exe has been seen being distributed by the following URL:
www.farmdownloadvaults.com

Powered by Reason Core Security