installer.exe

The executable installer.exe has been detected as malware by 12 anti-virus scanners. The file has been seen being downloaded from www.sendheartbulk.com.
MD5:
008c7848eb156749a750814daaed6f74

SHA-1:
d278ebd93ade164aa9b1e2dcb6585c37ba495d2b

SHA-256:
610b72d089f184c3cd28eb39aab62a62e9abc7358aac04447ca8e5c6154c519d

Scanner detections:
12 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/27/2024 1:24:43 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:RmnDrp
160112-0

AVG
Win32/Ramnit.A
2015.0.4477

Clam AntiVirus
W32.Ramnit-1
0.98/21267

Dr.Web
Win32.Rmnet
9.0.1.05190

Emsisoft Anti-Malware
Win32.Ramnit
10.0.0.5366

ESET NOD32
Win32/Ramnit.A virus
7.0.302.0

F-Prot
W32/Ramnit.B
4.6.5.141

Kaspersky
Virus.Win32.Nimnul
15.0.0.562

McAfee
Program.Artemis!F7A3E4C5039D
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.213.3100.0

Norman
Win32.Ramnit
11.01.2016 17:30:26

VIPRE Antivirus
Threat.4726519
46444

File size:
436 KB (446,464 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
1/12/2016 10:06:21 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:2BiPhoLa0IOfDfZuCHCRJSe5fQgpSUaKwOj5Oe:2QoLaLOfDoCHmS+fQhUKD

Entry address:
0x5F000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, 32, 6F, 01, 20, 2B, 85, 50, 72, 01, 20, 89, 85, 4C, 72, 01, 20, B0, 00, 86, 85, 9E, 74, 01, 20, 3C, 01, 0F, 85, DE, 02, 00, 00, 8B, 85, 4C, 72, 01, 20, 2B, 85, 58, 72, 01, 20, 8B, 00, 89, 85, EA, 73, 01, 20, 8B, 85, 4C, 72, 01, 20, 2B, 85, 5C, 72, 01, 20, 8B, 00, 89, 85, F2, 73, 01, 20, 83, BD, F2, 73, 01, 20, 00, 0F, 84, A9, 02, 00, 00, 83, BD, EA, 73, 01, 20, 00, 0F, 84, 9C, 02, 00, 00, 8D, 85, 8D, 74, 01, 20, 50, FF, 95, EA, 73, 01, 20, 83, F8, 00, 0F, 84, 86...
 
[+]

Entropy:
6.8874

Packer / compiler:
ASPack v1.08.04

Code size:
356 KB (364,544 bytes)

The file installer.exe has been seen being distributed by the following URL.

Remove installer.exe - Powered by Reason Core Security