installer.exe

The executable installer.exe has been detected as malware by 6 anti-virus scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.megahostbundle.com.
MD5:
e069391b5fe8991559d5d892dcc982e4

SHA-1:
ccd7cf7492c7ae8f74877513b38c6f1f7363e33b

SHA-256:
4f427ffa32a6c99bebf9ea96f2f413985920055eac93d55ca267285caf5355e5

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
11/24/2024 3:08:52 PM UTC

Scan engine                      Detection                 Engine version
avast!                           Win32:Vitro               160205-1
Dr.Web                           Win32.Virut.56            9.0.1.05190
Emsisoft Anti-Malware            Win32.Virtob.Gen.12       10.0.0.5366
ESET NOD32                       Win32/Virut.NBP virus     7.0.302.0
McAfee                           Virus.W32/Virut.n.gen     18.0.204.0
Microsoft Security Essentials    Threat.Undefined          1.213.5996.0

File size:
376 KB (385,024 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
2/27/2002 7:12:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:XpE43EZHPC9n6tG/FOA7XJHau63g1NJ7/fbSTqZgNRlvqDvmxmS3GPfbYFq2FV:ZE4GvElN9zIuKe3fuTlNfvcvmxT32bI/

Entry address:
0x4F0E4

Entry point:
86, F6, 68, 44, 69, 00, 00, F8, 58, 87, C9, B5, 14, 86, CD, F7, D1, 86, ED, E9, EE, 07, 00, 00, AD, 68, 9F, 00, F8, AE, 52, 19, 71, DE, C8, 00, 20, E0, D5, 23, 37, B0, 3C, 11, 00, 85, F2, 02, 14, 19, 6D, D7, 00, 53, 81, 5E, 80, FF, 21, 5B, 00, CD, F5, 59, 00, 29, FD, 7E, 00, 25, E1, 03, 00, 00, 00, A0, 05, D5, 98, 00, 5D, 00, 21, C4, 00, 40, EC, 95, 00, C1, FA, 87, 05, 00, 00, F7, 80, 48, EB, 00, 2C, 00, 00, 00, A8, 01, 45, 00, 00, D8, E3, 00, 24, 7D, 5D, A0, C3, 00, 5F, 00, 00, 00, B1, C8, C9, 2F, C9, 89...
 

Entropy:
7.6761

Code size:
316 KB (323,584 bytes)

The file installer.exe has been seen being distributed by the following URL.
