installer.exe

The executable installer.exe has been detected as malware by 7 anti-virus scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.contentquicknow.com.
MD5:
8d5e17f432f953db15e98b9a4ff5876e

SHA-1:
feceeee7ada40989286262a4f67c108aa12bc17d

SHA-256:
79345e5e12418b7eca4c547359d9fe484b5159ed4f98bd17fddc030d08949cbc

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
11/7/2024 5:43:08 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Kukacka | 160118-1 |
| Dr.Web | Win32.Sector.12 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality.OG | 10.0.0.5366 |
| ESET NOD32 | Win32/Sality.NAU virus | 7.0.302.0 |
| McAfee | Trojan.Artemis!0C35D68942D8 | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.5427.0 |
| VIPRE Antivirus | Threat.416209 | 46958 |

File size:
384 KB (393,216 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\installer.exe

File PE Metadata
Compilation timestamp:
2/3/2016 11:11:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:OMmn61DbvUyuquYAxcQ4l3CcrET7+e4089pOQ+k/2LiJTHBtUPcY:Q61M3quYK4lSyET7+/pOQ+k/SiJNtUPl

Entry address:
0x40F2D

Entry point:
60, 33, C1, 0C, 69, 8D, 05, 87, 2E, 39, 18, 35, 09, A8, CB, 62, E8, 20, 00, 00, 00, 82, 09, 2B, 7E, 7D, 59, 15, 3D, CA, EA, 90, 56, B0, 32, 88, 42, 5A, DD, 46, 52, 88, 84, AD, 31, 5C, AC, 9C, 5D, B2, 6B, 33, F5, 68, EF, D3, 72, 00, 6A, 00, 59, 51, FF, 15, 10, 80, 44, 00, 58, 58, 3B, ED, 0F, A5, F7, 70, 12, 33, E8, 0F, C1, CB, 0F, BC, FE, 23, CF, F7, C2, 16, 81, 40, 03, 84, E7, 81, C0, 7E, 8F, 00, 00, C7, C1, 2F, 36, 21, 60, 0F, CB, 0F, AF, DA, 81, C0, 8E, 36, 00, 00, F7, D1, 0F, A5, F7, 89, E9, 81, C0, A3...
Entropy:
7.7608  (probably packed)

Code size:
284 KB (290,816 bytes)

The file installer.exe has been seen being distributed by the following URL.