installer.exe

The executable installer.exe has been detected as malware by 7 anti-virus scanners. The file has been seen being downloaded from www.townsoftwarebody.com.
MD5:
4f1dcf7608ef35db809b43c48578acfd

SHA-1:
e8700aeff46aacf4e8ffcbe961d79fb8771840fe

SHA-256:
4f4435a3c3197c69e6d1254156b0de0bb7d5c7b2e938bfe2f7048566e1dc3940

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
12/27/2024 1:29:41 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Sality | 160112-0 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| McAfee | Trojan.Artemis!ED6C4D41C32C | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.3090.0 |
| Norman | Win32.Sality.3 | 11.01.2016 17:30:26 |
| VIPRE Antivirus | Threat.4758034 | 46456 |

File size:
488 KB (499,712 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
1/15/2016 2:09:33 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:jZpE0S6AzVt2wEhA0oC4aVxlOsvQjv1MM7:tpEETwcAdUOs6v1M8

Entry address:
0x5E5C6

Entry point:
8D, 35, 39, 8C, D9, 16, 08, CD, 69, D6, 54, AF, 55, 03, 89, CE, 8D, 09, 84, D7, 87, FE, 03, C1, F7, C0, DA, 09, 44, F4, 39, F0, 53, 68, 62, 74, 2E, 00, B7, 96, 0F, C8, 3B, F8, 70, 02, FE, C1, 68, 04, 0E, 00, 00, 8D, 15, 9B, 12, 35, 14, 5F, 81, EF, 04, 0E, 00, 00, EB, 02, FF, CD, BB, 87, DF, BF, A9, 75, 08, C7, C1, E1, 3E, BF, 6D, F7, D9, 81, C7, 87, 00, 00, 00, 4A, 81, EF, 86, 00, 00, 00, 87, D9, 3B, D8, 76, 08, 29, CE, F7, C7, 94, E2, E2, 4A, 89, D2, 81, FF, 3B, 09, 00, 00, 72, C8, 86, D1, 2B, C7, E8, 13...
 

Entropy:
7.1435

Code size:
400 KB (409,600 bytes)

The file installer.exe has been seen being distributed by the following URL.
