home

installer.exe

The application installer.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from www.dlflashdl.com and multiple other hosts.
MD5:
1d4ce2d623f4823634b38127b89bb69e

SHA-1:
cbc409e721a68e89e378bb70d8daf5197e374129

SHA-256:
548a250597f1c8c8480ba4b54a61fcec087f4fa82c209a84211411cd38bc7b86

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 2:06:25 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.Downloader
2016.02.28

avast!
Win32:Malware-gen
160215-2

Reason Heuristics
(M)
16.6.23.15

File size:
488.5 KB (500,258 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
12/27/2015 6:38:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:FIaMnnQ+lCshIVnx3Y3emTLgY+sJ4iLu7ttAl2QuhOb1SC7:FRsnQ+4tVneX+sJFLuxcduhGIC7

Entry address:
0x310D

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 57, 33, DB, 68, 01, 80, 00, 00, 89, 5C, 24, 1C, C7, 44, 24, 14, 88, 91, 40, 00, 33, F6, C6, 44, 24, 18, 20, FF, 15, B4, 70, 40, 00, FF, 15, B0, 70, 40, 00, 66, 3D, 06, 00, 74, 11, 53, E8, E4, 2D, 00, 00, 3B, C3, 74, 07, 68, 00, 0C, 00, 00, FF, D0, 68, 7C, 91, 40, 00, E8, 65, 2D, 00, 00, 68, 74, 91, 40, 00, E8, 5B, 2D, 00, 00, 68, 68, 91, 40, 00, E8, 51, 2D, 00, 00, 6A, 0D, E8, B4, 2D, 00, 00, 6A, 0B, E8, AD, 2D, 00, 00, A3, 44, EC, 42, 00, FF, 15, 34, 70, 40, 00, 53, FF...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
24 KB (24,576 bytes)

The file installer.exe has been seen being distributed by the following 15 URLs.

http://www.dlflashdl.com/.../installer.exe

http://www.giftdownloadscycle.com/.../installer.exe

http://www.currentgiftstock.com/.../installer.exe

http://www.appstoursbinaries.com/.../installer.exe

http://www.signtownquick.com/.../installer.exe

http://www.downloadsignfactory.com/.../installer.exe

http://www.flashapplicationsworld.com/.../installer.exe

http://www.downloadsbestclear.com/.../installer.exe

http://www.bestpresentdownloads.com/.../installer.exe

http://www.downloadheadbits.com/.../installer.exe

http://www.bulkbundlefiles.com/.../installer.exe

http://www.bitsdownloadshost.com/.../installer.exe

http://www.bundlesrepositorynew.com/.../installer.exe

http://www.cleartodaydelivery.com/.../installer.exe

http://www.sendcityapps.com/.../installer.exe

Remove installer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.