installer.exe

The executable installer.exe has been detected as malware by 29 anti-virus scanners. The file has been seen being downloaded from www.funcleanbest.com.
MD5:
47d687a151f43e10eccadcc03cf5dfd7

SHA-1:
e5ef6fc60833f8ae845e0457126637c91d0b8726

SHA-256:
efb1cae8038fe0b6d049d6b5c23fa7b5881cb45c936975d38ec646711b00c327

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
11/24/2024 6:50:10 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/ATRAPS.Gen
7.11.113.236

avast!
Win32:AutoRun-CWJ [Trj]
2014.9-160229

AVG
Worm/Delf
2017.0.2819

Bitdefender
Trojan.Generic.KDV.391478
1.0.20.300

Bkav FE
W32.MafocenMV.RSF
1.3.0.4562

Clam AntiVirus
WIN.Virus.Tainp
0.98/18155

Comodo Security
TrojWare.Win32.Spy.E
17286

Dr.Web
Win32.HLLC.Siggen.9
9.0.1.060

Emsisoft Anti-Malware
Trojan.Generic.KDV.391478
8.16.02.29.01

ESET NOD32
Win32/AutoRun.Delf.LV
10.9057

Fortinet FortiGate
W32/AutoRun.SOT!tr
2/29/2016

F-Prot
W32/Autorun.ZF
v6.4.7.1.166

F-Secure
Trojan.Generic.KDV.391478
11.2016-29-02_2

G Data
Trojan.Generic.KDV.391478
16.2.22

IKARUS anti.virus
Virus.Win32.Pintu
t3scan.2.2.29

K7 AntiVirus
Riskware
13.173.10217

Kaspersky
Virus.Win32.Renamer
14.0.0.590

McAfee
W32/Tainp.a
5600.6475

Microsoft Security Essentials
Virus:Win32/Pintu.A
1.163.1557.3

MicroWorld eScan
Trojan.Generic.KDV.391478
17.0.0.180

NANO AntiVirus
Virus.Win32.Renamer.lxyhd
0.28.0.56174

Norman
AutoRun.CMYN
11.20160229

Panda Antivirus
Trj/dtcontx.I
16.02.29.01

Quick Heal
W32.Pintu.A
2.16.12.00

Rising Antivirus
Trojan.Win32.StealIcon!559F
23.00.65.16227

Sophos
W32/Renamer-J
4.94

SUPERAntiSpyware
Trojan.Agent/Gen-Pintu
9295

Trend Micro House Call
TROJ_AGENT_011969.TOMB
7.2.60

Trend Micro
TROJ_AGENT_011969.TOMB
10.465.29

File size:
827 KB (846,848 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
6/9/1996 11:59:58 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:DwCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4ihozEi888888888888W8888888B:fNzCtUpQ9WWPBSSRMTEpXNg

Entry address:
0xABCA0

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 64, 5E, 4A, 00, E8, 83, EB, F5, FF, 8B, 1D, B4, E1, 4A, 00, 8B, 03, E8, B6, 49, FF, FF, 8B, 03, C6, 40, 5B, 00, 8B, 03, B2, 01, E8, E3, 66, FF, FF, 8B, 0D, B4, E0, 4A, 00, 8B, 03, 8B, 15, 98, 5A, 4A, 00, E8, AC, 49, FF, FF, 8B, 0D, F0, E1, 4A, 00, 8B, 03, 8B, 15, F8, 54, 4A, 00, E8, 99, 49, FF, FF, 8B, 03, E8, E2, 4A, FF, FF, 5B, E8, C8, A9, F5, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.5199

Developed / compiled with:
Microsoft Visual C++

Code size:
682.5 KB (698,880 bytes)

The file installer.exe has been seen being distributed by the following URL.

Remove installer.exe - Powered by Reason Core Security