installer.exe

The executable installer.exe has been detected as malware by 8 anti-virus scanners. It is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point obscuring polymorphic file infector, which creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.hostingdomainfilesdlievery.com.

MD5: 8590ec5aed21fe4bebdd7519eef38104
SHA-1: fe73b29b319e185ecf9096053aa963a5b6c6cdb3
SHA-256: eb5e2b8088b7cf05ce67a924f430e500f45e8d083ca329278c7ef0203efe1279
Scanner detections: 8 / 68
Status: File is infected by a Virus
Explanation: The file is infected by a polymorphic file infector virus.
Analysis date: 11/24/2024 5:55:09 PM UTC

Scan engine              Detection                       Engine version
avast!                   Win32:SaliCode                  160216-0
AVG                      Win32/Sality                    2015.0.4530
Dr.Web                   Win32.Sector.30                 9.0.1.05190
Emsisoft Anti-Malware    Win32.Sality                    11.5.0.6191
ESET NOD32               Win32/Sality.NBA virus          7.0.302.0
F-Secure                 Win32.Sality.3                  5.15.21
Kaspersky                Virus.Win32.Sality              15.0.0.562
McAfee                   Trojan.Artemis!DA1F9C647FCF     18.0.204.0

File size: 540.6 KB (553,533 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\Documents and Settings\{user}\My documents\downloads\installer.exe

File PE Metadata

Compilation timestamp: 12/26/2015 9:38:55 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
CTPH (ssdeep): 12288:kfjgoWwzZJZ8/mby9H1E/xJYdG/hYYpIwPYmqi3Qz72a:kk6K/v1sxJYdG/iu1bqV71
Entry address: 0x310D

Entry point:
81, FA, F9, 2F, 00, 00, 78, 02, 84, EC, 22, EA, 71, 03, 80, C8, DC, 8B, EF, 43, B2, A1, 8A, E7, FF, C5, 18, C4, 03, CE, 00, E3, 1A, F2, 45, 69, FD, 03, 23, 10, 50, 8A, D2, 8D, 35, 74, 86, 4D, 25, B0, 2A, EB, 06, 8D, 15, 94, 57, 54, 86, E8, 00, 00, 00, 00, 85, F7, 72, 03, F6, C4, DF, 69, D5, A6, 49, 01, D4, 4A, 0F, BF, F8, B2, ED, 89, DE, 8A, F7, 81, F3, C9, EA, 00, 00, 8A, D3, 8D, 05, 56, DA, C7, 60, 81, D2, 16, 7B, E3, 73, 59, 8D, 1D, 9E, 02, 0A, 17, 80, D7, FE, 0F, B6, DD, F7, C1, F0, CE, D5, C8, FE, CE...
 

Code size: 24 KB (24,576 bytes)

The file installer.exe has been seen being distributed by the following URL.
