instaosmgr.exe

AhnLab Online Security Installation Tool

AhnLab, Inc

The executable instaosmgr.exe has been detected as malware by 6 anti-virus scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from ahnlabdownload.nefficient.co.kr.
Publisher:
AhnLab, Inc

Product:
AhnLab Online Security Installation Tool

Version:
2.2.0.575

MD5:
6e7d9a3408574e587e92d063a1ea0f21

SHA-1:
8bb3dbe803ed28f66827f7ffbe82a3c904bd5878

SHA-256:
c2fe9ffe8524c02295254062c405c38f2b6c5523b2a412ff72148ffc9f7a4520

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
12/27/2024 9:49:30 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:SaliCode
160503-1

ESET NOD32
Win32/Sality.NBA virus
8.0.319.0

F-Prot
W32/Sality.gen2
4.6.5.141

Microsoft Security Essentials
Threat.Undefined
1.225.1489.0

File size:
1.5 MB (1,532,856 bytes)

Copyright:
(C) Copyright 2008. AhnLab, Inc.

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\instaosmgr.exe

File PE Metadata
Compilation timestamp:
5/11/2015 1:33:43 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:C+TkhNpc18/hwF/LoRtSJF6yk4o7yL/iL4CBoKSCDbkquP5F+O1Uhb+XVK6d7TH+:C+TGs8qFa00yhoejZzZdF+O1UQlK6d7n

Entry address:
0x3099

Entry point:
B8, 84, 22, 3F, EC, 75, 09, BA, 10, 2E, D0, B9, 8B, D6, FE, C0, C6, C2, 3A, 88, F1, EB, 0E, B7, F5, 8D, 05, 6E, A4, 77, DB, 81, DD, 30, B4, 01, 0D, 51, 8A, EC, E8, 0E, 00, 00, 00, 39, F9, 0F, CE, B5, CC, 33, EA, 8D, 0D, C7, 67, 68, 8E, 0D, 43, 72, B2, EE, 74, 05, BF, 30, C8, BB, 54, 81, FE, 37, 8D, 00, 00, 77, 0E, 69, C9, FA, B8, 26, 2D, 8D, 3D, DA, 44, D2, 92, 89, C8, 8D, 05, 9E, 9F, 7D, 5B, 8B, F8, 69, FA, 4F, F3, 36, 11, 8B, FE, 8D, 1D, 8A, FC, FF, FF, 81, C3, 76, 03, 00, 00, 03, DF, 89, FF, F7, D7, 8B...
 
[+]

Entropy:
7.9814  (probably packed)

Code size:
23.5 KB (24,064 bytes)

The file instaosmgr.exe has been seen being distributed by the following URL.

Remove instaosmgr.exe - Powered by Reason Core Security