home

installer.exe

The executable installer.exe has been detected as malware by 10 anti-virus scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from www.tagappchuckle.com.
MD5:
e895df31fed5259ed5da52d76fcc8a39

SHA-1:
b08bb21f42baaa17ad91f0eea4c04c0f0fdad0ce

SHA-256:
5272737af4c2f85ccd40fc72805307e7b192c976b0421ec3752e455b80fd6a2f

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
11/24/2024 5:39:01 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:RmnDrp
160126-1

AVG
Win32/Ramnit.A
2015.0.4477

Dr.Web
Trojan.Swizzor.19586
9.0.1.05190

ESET NOD32
Win32/Ramnit.A virus
7.0.302.0

F-Prot
W32/Ramnit.B
4.6.5.141

Kaspersky
Virus.Win32.Nimnul
15.0.0.562

McAfee
Trojan.Artemis!E6537AB9B78C
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.213.5352.0

Norman
Win32.Ramnit
03.02.2016 10:30:35

VIPRE Antivirus
Threat.4726519
46842

File size:
368 KB (376,832 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
2/4/2016 4:13:50 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:RN217MgTxA/IuXkjfO5jgDOQ0tIgGX9BkdNjyDMAmNTkRLR/ihPSX/GU/:R0dMRAuX0G5EDT0NCBkb+MNTkRLYlSXJ

Entry address:
0x4E000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, 32, 6F, 01, 20, 2B, 85, 50, 72, 01, 20, 89, 85, 4C, 72, 01, 20, B0, 00, 86, 85, 9E, 74, 01, 20, 3C, 01, 0F, 85, DE, 02, 00, 00, 8B, 85, 4C, 72, 01, 20, 2B, 85, 58, 72, 01, 20, 8B, 00, 89, 85, EA, 73, 01, 20, 8B, 85, 4C, 72, 01, 20, 2B, 85, 5C, 72, 01, 20, 8B, 00, 89, 85, F2, 73, 01, 20, 83, BD, F2, 73, 01, 20, 00, 0F, 84, A9, 02, 00, 00, 83, BD, EA, 73, 01, 20, 00, 0F, 84, 9C, 02, 00, 00, 8D, 85, 8D, 74, 01, 20, 50, FF, 95, EA, 73, 01, 20, 83, F8, 00, 0F, 84, 86...
 
[+]

Packer / compiler:
ASPack v1.08.04

Code size:
284 KB (290,816 bytes)

The file installer.exe has been seen being distributed by the following URL.

http://www.tagappchuckle.com/.../installer.exe

Remove installer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.