installer.exe

The executable installer.exe has been detected as malware by 9 anti-virus scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from www.bundlefilesstock.com.
MD5:
91b3ca5d14a7276fce992d8c0fe95e62

SHA-1:
edd6660a3b7f47e8189fa9fbc46f60d27ab7f8b4

SHA-256:
e4e143dd3755491e755cd45becc988d2ff2dce89229fbfe1af20ad31ce0e264d

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
11/24/2024 5:27:16 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Oncer
160213-1

AVG
Win32/Chir.B@mm
2015.0.4522

Dr.Web
Trojan.Swizzor.19587
9.0.1.05190

Emsisoft Anti-Malware
Win32.Runouce.B@mm
10.0.0.5366

ESET NOD32
Win32/Chir.B virus
8.0.319.0

F-Prot
W32/Thecid.B@mm
4.6.5.141

Kaspersky
Email-Worm.Win32.Runouce
15.0.0.562

McAfee
Virus.W32/Chir.b@MM
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.213.6222.0

File size:
338.5 KB (346,620 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
2/4/2016 12:08:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:0+fuos3iD45BpFvKSaVoQdyMU7GTAJMukr3KZn05yjjRbGVzJYT5Y2mf5P+hEN2:1fD4FFvyWkn0JjKK05CkzmTcN+eN

Entry address:
0x54000

Entry point:
60, E8, E6, 19, 00, 00, 8B, 74, 24, 20, E8, 08, 00, 00, 00, 61, 68, 90, 71, 44, 00, C3, E9, 59, E8, 01, 16, 00, 00, 81, E6, 00, F0, FF, FF, 81, EE, 00, 10, 00, 00, 66, 81, 3E, 4D, 5A, 75, F3, 0F, B7, 7E, 3C, 03, FE, 8B, 6F, 78, 03, EE, 8B, 5D, 20, 03, DE, 33, C0, 8B, D6, 83, C3, 04, 40, 8B, 3B, 03, FA, E8, 0F, 00, 00, 00, 47, 65, 74, 50, 72, 6F, 63, 41, 64, 64, 72, 65, 73, 73, 00, 5E, 33, C9, B1, 0F, FC, F3, A6, 75, DA, 8B, F2, 8B, 5D, 24, 03, DE, 0F, B7, 0C, 43, 8B, 5D, 1C, 03, DE, 8B, 1C, 8B, 03, DE, 81...
 
[+]

Entropy:
7.6459

Packer / compiler:
ASPack v1.08.04

Code size:
308 KB (315,392 bytes)

The file installer.exe has been seen being distributed by the following URL.

Remove installer.exe - Powered by Reason Core Security