installer.exe

The executable installer.exe has been detected as malware by 9 of 68 anti-virus scanners. It is a setup and installation application, but the file carries no Authenticode signature from a trusted source, so its publisher cannot be verified. The file has been seen being downloaded from www.giftgrabbest.com. Several of the nine detections name the Sality family, a polymorphic file infector, and the file's high entropy (7.67 of a possible 8) is consistent with packed or encrypted code; verdicts such as Artemis, Threat.Undefined and Threat.4721115 are generic or heuristic labels rather than family identifications, so a 9/68 detection count on its own is not conclusive and the sample should be confirmed in a sandbox before cleanup decisions are made.
MD5:
5d8d62bd6d03f3e6012a200b70c7a5d6

SHA-1:
c43a8397f163869cf59c6907b9c32810755a1a0b

SHA-256:
0b4ad236808a5a3c0f02119c6f0c7d2c4f90e10b05715985d2d1160b72aa14ff

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
11/24/2024 9:25:38 AM UTC

Scan engine                      Detection                       Engine version
avast!                           Win32:SaliCode                  160126-1
Dr.Web                           Trojan.Swizzor.19586            9.0.1.05190
Emsisoft Anti-Malware            Win32.Sality                    10.0.0.5366
ESET NOD32                       Win32/Sality.NBA virus          7.0.302.0
F-Prot                           W32/Sality.gen2                 4.6.5.141
McAfee                           Trojan.Artemis!CC6A55CDA7D8     18.0.204.0
Microsoft Security Essentials    Threat.Undefined                1.213.5692.0
Norman                           Win32.Sality.3                  08.02.2016 04:24:12
VIPRE Antivirus                  Threat.4721115                  47030
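Vendor naming differs, so the useful question is not "which labels appear" but "how many engines agree on a named family once generic verdicts are set aside". The following is an added example (not tooling from the report's vendor): the detection list is copied from the table above, prefixes such as Win32/, W32/ and Trojan. are stripped, cloud or heuristic IDs (Artemis, Threat.Undefined, Threat.NNNNNNN) are counted separately, and the remaining family names are tallied. Treating avast's SaliCode as an alias of Sality is an assumption about that vendor's naming.

```python
"""Family consensus across engine verdicts. Added example, not the scanning
vendor's code; DETECTIONS is copied from the table above and ALIASES holds
an assumed vendor alias."""
import re
from collections import Counter

# Constructed from the scanner table above (engine, detection name).
DETECTIONS = [
    ("avast!", "Win32:SaliCode"),
    ("Dr.Web", "Trojan.Swizzor.19586"),
    ("Emsisoft Anti-Malware", "Win32.Sality"),
    ("ESET NOD32", "Win32/Sality.NBA virus"),
    ("F-Prot", "W32/Sality.gen2"),
    ("McAfee", "Trojan.Artemis!CC6A55CDA7D8"),
    ("Microsoft Security Essentials", "Threat.Undefined"),
    ("Norman", "Win32.Sality.3"),
    ("VIPRE Antivirus", "Threat.4721115"),
]

PLATFORM = re.compile(r"^(win32|w32|win64|pe)[:/.]", re.I)
KIND = re.compile(r"^(trojan|virus|worm|backdoor|malware)\.", re.I)
# Verdicts that carry no family: cloud/heuristic IDs and placeholder names.
GENERIC = re.compile(r"^(artemis|generic|heur|suspicious|threat\.(undefined|\d+))", re.I)
ALIASES = {"salicode": "sality"}   # assumed avast alias for Sality (see lead-in)


def family_of(detection: str):
    """Return a normalised family name, or None for a generic verdict."""
    name = KIND.sub("", PLATFORM.sub("", detection.strip()))
    name = re.sub(r"\s+virus$", "", name, flags=re.I)   # ESET's trailing " virus"
    if GENERIC.match(name):
        return None
    # The family is the first token: "Sality.NBA" -> "sality", "Swizzor.19586" -> "swizzor"
    fam = re.split(r"[.\-!:/ ]", name)[0].lower()
    return ALIASES.get(fam, fam)


def consensus(detections):
    """Tally families across engines; a consensus needs at least two agreeing."""
    fams = Counter()
    generic = 0
    for _, verdict in detections:
        fam = family_of(verdict)
        if fam is None:
            generic += 1
        else:
            fams[fam] += 1
    top = fams.most_common(1)[0] if fams else None
    return {
        "families": dict(fams),
        "generic": generic,
        "consensus": top[0] if top and top[1] >= 2 else None,
        "support": f"{top[1]}/{len(detections)}" if top else "0/0",
    }


if __name__ == "__main__":
    print(consensus(DETECTIONS))
```

On the table above this yields five engines for Sality, one for Swizzor and three generic verdicts, which is why the report's family call rests on the Sality detections and not on the raw 9/68 count.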

File size:
272 KB (278,528 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
1/31/2016 4:15:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:27UztnjrKmI22RyMPQGwlVfnZdxPmzhyd0vNXN/:27wnjrKmI24yMPpwlV/ZjPGPN/

Entry address:
0x27A75

Entry point:
80, C3, 4F, F3, 70, 07, 84, CE, 89, DB, C6, C2, 38, 08, E5, EB, 06, FE, C9, 80, C8, F7, 4B, 8D, 2D, 2C, AC, FB, 8B, 89, D6, 05, 42, 77, 6F, 1A, 8D, 3D, F1, 72, EE, 62, 00, DA, E8, B3, 00, 00, 00, 0F, BF, F8, FF, C6, B4, C3, 43, 3D, 29, 47, 23, 1B, 84, CC, 19, F2, 6A, 00, 59, 80, CC, 6E, 8D, 35, F1, 64, 30, 31, 33, C8, FE, CA, B7, BA, BA, 00, 00, 00, 00, F7, C5, 16, 04, B0, 53, 69, C0, 80, BA, C6, 7D, 80, EB, 8B, 69, EA, 93, 2B, F5, 65, 1D, 7E, A7, 46, 0C, FF, CD, 8D, 1D, E8, A8, D1, 7A, 0F, AF, C5, BE, 55...

Entropy:
7.6744 (bits per byte; 8.0 is the maximum, and values this high usually indicate packed or encrypted content)

Code size:
180 KB (184,320 bytes)

Distribution URL:
www.giftgrabbest.com

Remove installer.exe - Powered by Reason Core Security