installer.exe

The executable installer.exe has been detected as malware by 5 anti-virus scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.conecpttoursmeta.com.
MD5:
c38ff3374acfecc7e1653b005306ba26

SHA-1:
d0d39ea0c8e48814f8e60389b2ac9af457c89385

SHA-256:
c14be27f0ce1ea5be64e1950600e2328467a9e0c91f0726c1fc517cc5b932ccd

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
12/27/2024 12:50:22 AM UTC

Scan engine                    Detection                Engine version
avast!                         Win32:Kukacka            160518-2
ESET NOD32                     Win32/Sality.NBA virus   8.0.319.0
Kaspersky                      Virus.Win32.Sality       15.0.0.562
Microsoft Security Essentials  Threat.Undefined         1.225.1693.0

File size:
408 KB (417,792 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
2/3/2016 11:04:37 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:gbwlHXH1sciH646jNaIDsJ5Qzn1nKB95abHgRuXj4vkQb6v2:5l31sZqNaIDe0tKrAARuXj4sQb

Entry address:
0x47E98

Entry point:
60, 01, EA, B9, 78, 3C, E5, C6, 88, E1, 68, 7A, 77, 71, 00, 50, 69, E9, B2, 20, F8, 72, 72, 06, C6, C7, F0, 0F, B6, C6, 69, FB, D2, EC, B9, 6A, 0A, DB, 74, 02, B3, 1C, 3B, D5, 76, 02, 29, FD, 53, 53, 70, 0A, 47, 0F, AF, EB, 69, CD, 6E, 32, 2E, E8, EB, 03, C6, C5, 48, B9, 75, 69, 44, E1, 8A, CF, 33, EB, E8, 1B, 00, 00, 00, 0F, AF, EE, C7, C1, 76, BA, C1, EE, 05, F6, 25, 92, E9, C7, C1, 06, F2, 6D, 72, 03, D5, 89, D1, F3, 84, EA, 69, D2, 9F, 70, AF, 25, BF, 0B, 26, 43, 76, 3B, D9, 35, 9B, EA, 00, 00, 69, ED...
 

Entropy:
7.7481  (probably packed)

Code size:
312 KB (319,488 bytes)

The file installer.exe has been seen being distributed by the following URL.
