installer.exe

The executable installer.exe has been detected as malware by 9 anti-virus scanners. The file has been seen being downloaded from www.gifttourbits.com.
MD5:
c95ceb5fe0ec64db6b009cbdf71f1980

SHA-1:
d244ee5bf5c894946fca5960f667eb30f309122d

SHA-256:
8679218ff13d5fcc8e5c66d5e400ca644ff297d122a22f73c1bcd6405be0502b

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
12/27/2024 2:16:17 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Kukacka | 160327-1 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 11.5.0.6191 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| McAfee | Trojan.Artemis!6E5918D4400A | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.219.1298.0 |
| Norman | Win32.Sality.3 | 10.04.2016 15:29:17 |

File size:
420 KB (430,080 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
1/12/2016 6:32:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:Lk8CJyDE5fCBEhGgqfNHYIA3Y9+zmJ3NU:I8Bw5fCUjs1YN3i+w9U

Entry address:
0x4ECF6

Entry point:
60, 74, 03, 0F, BE, FF, B8, D9, E3, 84, 6C, 86, E4, FF, C7, FF, CF, 2D, CE, 8A, F7, DD, 1A, D4, 81, E2, B3, AE, 04, 20, 81, D0, 9F, A9, A5, 15, EB, 09, 1A, D3, 8D, 1D, 5D, 64, FF, E8, F3, B9, B3, 5C, 00, 00, 0C, 78, 87, DA, 81, F1, C4, 49, 00, 00, 85, D5, 81, F9, 0B, 4A, 00, 00, 78, 04, 02, F1, 8B, C5, 33, E9, 20, D2, 11, FB, 69, FE, 1B, 28, 14, 8E, 0F, AF, C8, 8D, 3D, A2, 55, 2C, 06, 8D, 0D, 96, EF, 0D, 8B, 88, CC, C6, C7, 7F, 8D, 15, D3, 46, C9, C0, EB, 06, F7, C0, 29, 63, C0, 88, 80, CF, 31, 85, D6, FE...
 

Entropy:
6.9994

Code size:
332 KB (339,968 bytes)

The file installer.exe has been seen being distributed by the following URL.
