installer.exe

The application installer.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. While running, it connects to the Internet address 198.105.217.60.static.midphase.com on port 80 using the HTTP protocol.
Description:
Update

Version:
4.0.6.44

MD5:
a49a1a4d35ab32336d663198d886ac9e

SHA-1:
c066c32ef47f7f5c2ccdec882a1b3990cf5f19b8

SHA-256:
54bf47e5f09c0cc5ddbe0f2068952bf7931aed000dc4a48b588d8c538a9bea78

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 8:10:42 PM UTC

Scan engine          Detection                  Engine version
ESET NOD32           MSIL/DomaIQ (variant)      7.9138
Reason Heuristics    Adware.DomaIQ.Bundler      16.2.22.22
XVirus List          Win.Detected               2.3.31

File size:
5.5 KB (5,632 bytes)

Product version:
4.0.6.44

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\installer.exe

File PE Metadata
Compilation timestamp:
12/3/2013 6:38:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
48:6CyKcwDdRicqUCBGDmvbUfCNnf/Y9NOezJtufg0i9sgh0PCjpeBGUFqcKn94exUn:dDSzU7F2fTg0i4PCFs8cw9jT

Entry address:
0x2D7E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
3.5 KB (3,584 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 198.105.217.60.static.midphase.com  (198.105.217.60:80)

Powered by Reason Core Security