installer.exe

Internet

The application installer.exe, “Internet Setup”, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.factorymetahead.com.
Product:
Internet

Description:
Internet Setup

Version:
4.1.3.4

MD5:
eef90a9f83178edabf435ed1582e4467

SHA-1:
fb2fe8c8ab8f7ff55b9eb32b59465fd2d48fe0e3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 3:42:27 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
16.2.9.3

File size:
731.8 KB (749,399 bytes)

Product version:
2.2.8

Copyright:
Lite Installer software

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\documents and settings\noure\mes documents\downloads\installer.exe

File PE Metadata
Compilation timestamp:
6/19/1992 10:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:132dzMm0BztPStv2lEka/GyRl7q3C8pJtaxt2KsdYl:132lMm0dtPStul3Ol7uaPl

Entry address:
0xA5F8

Entry point:
BB, C3, 7C, 13, 7D, 93, E9, 20, 01, 00, 00, D9, 7F, E2, DE, 8A, 0E, E2, DE, 4A, 55, 6A, 62, 62, E2, 62, 62, AE, 62, 62, 62, C1, 93, 98, 93, 92, 93, 9B, 99, 98, 62, 62, 62, D6, C3, DC, C7, C4, C3, CF, C3, 90, C6, CE, CE, 62, 62, 62, 62, BE, 62, 62, 62, A8, D4, C7, C7, AE, CB, C4, D4, C3, D4, DB, 62, A5, D4, C7, C3, D6, C7, A6, CB, D4, C7, C5, D6, D1, D4, DB, A3, 62, 62, 62, 62, A9, C7, D6, B9, CB, D0, C6, D1, D9, D5, A6, CB, D4, C7, C5, D6, D1, D4, DB, A3, 62, 62, 62, 62, A9, C7, D6, AF, D1, C6, D7, CE, C7...
 

Code size:
39.5 KB (40,448 bytes)

The file installer.exe has been seen being distributed by the following URL.
