installer.exe

The executable installer.exe has been detected as malware by 8 anti-virus scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.towersapplicationnow.com.
MD5:
fa59a74837c4bfad43b23d89dbe4badc

SHA-1:
b25a40a13f7fb5eeb75f0d775cf523c4f3a3160e

SHA-256:
8d3b3407b219815d09ebfca8873ca54301515128a29ad1dac8eeb79226e74697

Scanner detections:
8 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/24/2024 10:30:00 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:SaliCode
160215-2

Dr.Web
Win32.Sector.30
9.0.1.05190

ESET NOD32
Win32/Sality.NBA virus
8.0.319.0

F-Prot
W32/Sality.gen2
4.6.5.141

F-Secure
Win32.Sality.3
5.15.21

Kaspersky
Virus.Win32.Sality
15.0.0.562

Microsoft Security Essentials
Threat.Undefined
1.213.7480.0

Norman
Win32.Sality.3
29.02.2016 03:11:57

File size:
578.2 KB (592,119 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
12/27/2015 6:38:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:2QpVpYmlL6G/MzeXI+VdhXyu+IUCe+w5ti+LnUT:2QpVprLDXXI+3hXy8An5tLYT

Entry address:
0x310D

Entry point:
12, DE, 0F, AF, FB, 8A, F1, 02, EE, 4E, FE, C1, 76, 0E, 81, F1, A8, 76, 66, 5F, F7, C7, DA, 4C, B1, 81, 85, EF, FE, C5, 88, EF, 80, F8, FF, 4E, E8, 54, 00, 00, 00, 85, C9, 76, 02, B7, FC, 25, 9C, D0, 01, 92, 1B, FD, 0F, AF, DB, F6, C4, 60, EB, 05, 00, C3, 1C, 13, F2, B9, 77, FF, 00, 00, FF, C0, F3, FE, CB, 81, F1, BC, 14, 00, 00, 43, 88, EE, 81, C1, 08, 03, 00, 00, 0F, AF, F3, 0D, 06, 23, FD, 46, 15, 68, 60, 38, 26, 03, E9, 0F, AF, C6, 8D, 1D, FF, 83, 58, DA, 0F, AF, DA, 81, ED, 38, 0D, 00, 00, 85, EB, 85...
 
[+]

Code size:
24 KB (24,576 bytes)

The file installer.exe has been seen being distributed by the following URL.

Remove installer.exe - Powered by Reason Core Security