installer.exe

The application installer.exe has been detected as a potentially unwanted program by 5 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.contentchucklebundle.com.
MD5:
59691f1614f54eb053e7ef7f70ecc0d7

SHA-1:
f745d3c51bdd8444c34562e0e7429e842a0b28fa

SHA-256:
229c82cf8846d1f627d902048633d71851df26928571a739f8cd91d6955b20ca

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 6:45:38 PM UTC

Scan engine | Detection | Engine version
Bkav FE | HW32.Packed | 1.3.0.7400
Kaspersky | not-a-virus:AdWare.Win32.DealPly | 15.0.0.562
Norman | Gen:Variant.Application.Bundler.71 | 11.01.2016 17:30:26
Panda Antivirus | Trj/Swizzor.S | 16.01.16.09
Qihoo 360 Security | QVM08.0.Malware.Gen | 1.0.0.1077

File size:
328 KB (335,872 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
1/16/2016 1:02:33 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:akvF0EyKtz4JBWBbX0Y6KT3f7gzj+v0RXr+OkT9wI0+SF0P0:akv6K9QrYf8jbx+OkTi+4i0

Entry address:
0x465B7

Entry point:
6A, 60, 68, 70, D1, 44, 00, E8, 31, 15, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, 81, 16, 00, 00, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 20, D0, 44, 00, 8B, 4E, 10, 89, 0D, 38, FC, 44, 00, 8B, 46, 04, A3, 44, FC, 44, 00, 8B, 56, 08, 89, 15, 48, FC, 44, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 3C, FC, 44, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 3C, FC, 44, 00, C1, E0, 08, 03, C2, A3, 40, FC, 44, 00, 33, F6, 56, 8B, 3D, 14, D0, 44, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 

Entropy:
6.7863

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
304 KB (311,296 bytes)

The file installer.exe has been seen being distributed by the following URL.
