installerdu-2.4.1.3369.exe

Carambis Installer

Carambis (MEDIA FOG LTD.)

The application installerdu-2.4.1.3369.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.carambis.com.
Publisher:
Carambis (MEDIA FOG LTD.)

Product:
Carambis Installer

Version:
1.0.0.2

MD5:
5ec3422b9cdd68b024f11146cf8df59a

SHA-1:
ee4f044ffda4630f9c3d18343183f405ed4dc363

SHA-256:
f235e382e70d3cbbffd917baf9a3839b41ddf9f2bbd5c97e6c5fd49d15e5e15b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 9:28:23 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Bundler (M)

Engine version:
16.8.21.0

File size:
1.1 MB (1,119,198 bytes)

Product version:
1.0.0.2

Copyright:
Carambis (MEDIA FOG LTD.) All rights reserved. 2014

Original file name:
Carambis Installer

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\installerdu-2.4.1.3369.exe

File PE Metadata
Compilation timestamp:
12/18/2014 12:22:46 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:Ohwv6RjKJ7OYu7qgOgJ5yVihLKuovdmPrqiTGdaOcIZihjU58B:QxKxgJEViRKd1yr5TKDcpm8B

Entry address:
0x2C0000

Entry point:
90, B9, E6, 1E, 31, 00, 90, 90, BA, 24, 00, 6C, 00, 90, 68, 98, 05, 00, 00, 5E, 90, FF, 34, 32, 31, 0C, 24, 8F, 04, 32, 90, 83, EE, 02, 83, EE, 02, 90, 75, ED, 0E, 63, 30, 00, E6, 1E, 31, 00, E6, 1E, 71, 00, 56, DC, 1A, 00, FE, 42, 3F, 00, 38, 7D, 3F, 00, E6, AE, 33, 00, 19, E1, CE, FF, A6, E5, 5A, 00, 38, E2, 5A, 00, 0A, E2, 5A, 00, E6, 1E, 31, 00, E6, 1E, 31, 00, E6, 1E, 31, 00, A6, 21, 3F, 00, 3A, E2, 1A, 00, 0C, E2, 1A, 00, E6, 1E, 31, 00, E6, 1E, 31, 00, E6, 1E, 31, 00, E6, 1E, 31, 00, E6, 1E, 31, 00...
 

Entropy:
7.9935  (probably packed)

Code size:
900 KB (921,600 bytes)

The file installerdu-2.4.1.3369.exe has been seen being distributed by the following URL.
