installer_directx_spanish.exe

Tunorobemo

Bem

The application installer_directx_spanish.exe, "Tunorobemo Setup", has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application built with the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The file is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.downloadheartcontent.com.
Publisher: Bem

Product: Tunorobemo

Description: Tunorobemo Setup

Version: 3.2.1.7

MD5: 89848497f8cd493c57ba7001b50b3864

SHA-1: b652221afb0cb3f1ed9b1b5557b12f9495a4c976

SHA-256: 8cb391463f1f22753833f35570750597c5c82d8cab504c9536d1d23b1789680e

Scanner detections: 9 / 68

Status: Potentially unwanted

Explanation: The file is infected by a polymorphic file infector virus.

Analysis date: 11/27/2024 8:29:05 PM UTC

Scan engine                    Detection                   Engine version
avast!                         Win32:SaliCode              160708-3
AVG                            Win32/Sality                2015.0.4604
Emsisoft Anti-Malware          Win32.Sality                16.07.10
ESET NOD32                     Win32/Sality.NBA virus      8.0.319.0
F-Prot                         W32/Sality.gen2             4.6.5.141
Kaspersky                      Virus.Win32.Sality          15.0.0.562
Microsoft Security Essentials  Threat.Undefined            1.225.598.0
Norman                         Win32.Sality.3              28.05.2016 15:32:18
Reason Heuristics              Adware.Bundler.ET (M)       16.7.10.22

File size: 1 MB (1,093,840 bytes)

Product version: 2.1.0

Copyright: Installer

File type: Executable application (Win32 EXE)

Installer: Inno Setup

Common path: C:\users\{user}\downloads\installer_directx_spanish.exe

File PE Metadata

Compilation timestamp: 6/19/1992 5:22:17 PM

OS version: 1.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 2.25

CTPH (ssdeep): 24576:OC7hyCOOmBWN77+UtRzEJYabTZ8NKg9izYbTv6vRmxyu:OmYYNeUthExPSNwoeg

Entry address: 0xA5F8

Entry point: 68, 97, 14, 46, 00, 89, D1, 0F, AF, D9, C7, C7, 8B, E9, D2, F5, 41, 81, EA, 53, 06, 00, 00, B7, 9B, 81, C2, A5, 00, 00, 00, 69, EF, 14, 54, 64, C6, 2C, DB, 68, 9E, 7F, C0, 00, 53, EB, 02, 39, F5, E8, 0C, 00, 00, 00, F6, C7, A4, 0F, CA, 77, 01, 46, 03, D8, 8B, EF, EB, 05, BE, 38, 26, 2E, F8, B8, 49, 00, 00, 00, C7, C2, 10, 46, 01, A5, 6B, C0, 0E, EB, 06, 8B, CD, F7, D3, FE, C3, 09, FD, 89, C5, 8D, 35, 37, 0A, 00, 00, 74, 04, 86, EA, 19, FD, 81, C6, 39, 03, 00, 00, 84, EF, 2B, C6, 8A, D5, 05, 6F, 0D, 00, 00...

Code size: 39.5 KB (40,448 bytes)

The file installer_directx_spanish.exe has been seen being distributed by the following URL.

Remove installer_directx_spanish.exe - Powered by Reason Core Security