home

installserver.exe

This is a setup program which is used to install the application.
MD5:
cdf249936cc91c2e1fb34b90ee724648

SHA-1:
8a0bea89f1da1da83117a1f2ea9e002b346dbb7e

SHA-256:
10b5255dfb439d9b5b254762cdecab01aefb4578364347fddde2e65129141e87

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/27/2024 7:49:15 AM UTC  (today)

Scan engine
Detection
Engine version

Fortinet FortiGate
Riskware/InstallServer
2/26/2014

File size:
36.5 KB (37,332 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\installserver.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
768:WGnS6LaYKERRC/hhcnn4AmCVNRtskjX3mOflOk8gExA5oQuT5h2vhhhjS5x:WGr/vUhhClJKkr3LfeRq5oQS2M

Entry point:
7A, 00, 00, 10, 95, 72, 1F, 10, 95, 72, 1F, 10, D6, D2, 2E, 94, 45, 50, 4F, 43, C7, 3F, 54, 18, 00, 00, 0A, 00, FC, 7A, 1F, 10, 02, 01, 25, 02, 80, E5, 7C, E0, F5, 1E, E1, 00, 2A, 00, 00, 12, C8, DB, 00, 00, 00, 00, 00, 00, 00, 10, 00, 00, 00, 00, 10, 00, 00, 20, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 00, 00, 00, 11, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, C8, DB, 00, 00, 9C, 00, 00, 00, 00, 00, 00, 00, 64, DC, 00, 00, 20, E7, 00, 00, 00, 00, 00, 00, 5E, 01, 00, 20, FC, EA, 00, 00...
 
[+]

The file installserver.exe has been seen being distributed by the following 2 URLs.

temp:installserver.exe

http://mobileleader.ru/download/soft/.../installserver.exe

Scan installserver.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.