home

InternetInstaller.exe

InternetInstaller

Mail.Ru

This is a setup and installation application. The file has been seen being downloaded from storage.icq.com.
Publisher:
Mail.Ru

Product:
InternetInstaller

Description:
Установщик браузера Интернет с сервислами Mail.Ru

Version:
1, 0, 0, 137

MD5:
33802d2972394b2faf73f9a21bc89254

SHA-1:
13c5ed0eb1f470dc1c7d4d6e287ad5914e40e031

SHA-256:
7780b2acc78bd059e22a141dcb0f24891e5285d477981f633cba8ab10cc8cc2e

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
12/26/2024 2:06:56 AM UTC  (today)

Scan engine
Detection
Engine version

Rising Antivirus
PE:Trojan.RuMail!1.6574
23.00.65.14204

File size:
23.6 MB (24,709,120 bytes)

Product version:
1, 0, 0, 137

Copyright:
Copyright 2011

Original file name:
InternetInstaller.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\rustv player\internetinstaller.exe

File PE Metadata
Compilation timestamp:
3/29/2012 7:40:15 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
393216:0fsXWuM/JlbhxXiiliuoDRXCkKjh4Fm/BNeWFKRSifR2mVhYkQNcIUGL2qcgd:rXo3bziisuskjbXeeW2mjPQ2InL2M

Entry address:
0x15982C

Entry point:
E8, 0A, C8, 00, 00, E9, 79, FE, FF, FF, 75, 01, C3, 55, 8B, EC, 83, EC, 00, 50, 52, 53, 56, 57, 6A, 00, FF, 75, 04, E8, 2E, CB, 00, 00, 59, 59, 5F, 5E, 5B, 5A, 58, 8B, E5, 5D, C3, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 8B, F2, 33, DB, 39, 1E, 8B, D1, 89, 55, F8, 89, 5D, FC, 7E, 3F, 57, BF, CC, CC, CC, CC, 8B, 46, 04, 03, C3, 8B, 08, 39, 7C, 11, FC, 75, 0A, 8B, 40, 04, 03, C1, 39, 3C, 10, 74, 14, 8B, 46, 04, FF, 74, 18, 08, FF, 75, 04, E8, 19, CB, 00, 00, 8B, 55, F8, 59, 59, FF, 45, FC, 8B, 45, FC, 83, C3, 0C...
 
[+]

Code size:
1.5 MB (1,573,376 bytes)

The file InternetInstaller.exe has been seen being distributed by the following URL.

http://storage.icq.com/.../InternetInstaller.exe

Scan InternetInstaller.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.