installer.exe

Installer

Application Software

The application installer.exe, “Installer Setup”, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.binariesbulkshare.com.

Publisher:
Application Software

Product:
Installer

Description:
Installer Setup

Version:
4.2.2.8

MD5:
f310e4ba40de4220db4aa5f03423b2f5

SHA-1:
bc505b4c0761672b7b15a3718d38bac1e29a6c1c

SHA-256:
484c9341485b617630826ab273978837714b7222ff7630d3066f61a00a6d98d8

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/7/2024 8:47:33 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
16.2.9.7

File size:
647 KB (662,505 bytes)

Product version:
2.5

Copyright:
Internet

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:FjZMQKsP0g82CqnogIFfu1USOVNF3x5wOeyrjBTrpoRl7q3C8pJth:FtMx7g0qj6G15OL51rpal7uh

Entry address:
0xA5F8

Entry point:
C6, C2, 3D, 19, DA, F7, D0, 0F, AF, C7, 4F, 81, C1, F7, 91, 00, 00, 81, C1, F7, 07, 00, 00, 0F, B6, D3, 86, D0, 8B, E9, E8, 12, 00, 00, 00, F6, C4, CC, BA, EE, F1, 72, DC, 84, CD, 81, F5, 22, 7F, 00, 00, 85, CE, 8D, 3D, A4, 36, DB, 4F, 75, 04, 43, 4F, 0F, CE, 41, 33, ED, 8B, CD, 5B, 81, F9, 55, A8, 00, 00, 70, 09, FF, CF, FE, C0, C6, C5, 62, 34, 0F, 3B, C6, 77, 03, F6, C3, C2, 81, C2, 2C, F1, 00, 00, 86, ED, 81, C2, C5, 01, 00, 00, 0F, CF, 8A, E5, 88, E1, 0F, C8, 0F, C9, BE, C4, DF, FE, FF, FE, C9, 81, C6...
 

Entropy:
7.8281  (probably packed)

Code size:
39.5 KB (40,448 bytes)

The file installer.exe has been seen being distributed by the following URL.
