home

iSpySetup.exe

iSpy package installer

DEVELOPERINABOX

The executable iSpySetup.exe has been detected as malware by 4 anti-virus scanners. This is a setup and installation application and has been known to bundle potentially unwanted software.
Publisher:
DEVELOPERINABOX  (signed and verified)

Product:
iSpy package installer

Version:
6.5.8.0

MD5:
ec00b29bfd125b98c8e19abff9aa71bc

SHA-1:
c4772591524a6025c20ddf276ba56f213ca1ee5f

SHA-256:
2a4cc93aafe52f6446f7784ddd36cd111a3b27c5c8ce6d83818980b0bea82fd7

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
11/15/2024 5:52:04 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Win32/Floxif
2013.0.4477

ESET NOD32
Win32/Floxif.H virus
6.3.12010.0

F-Prot
W32/Floxif.B
4.6.5.141

F-Secure
Win32.Floxif.A
5.15.154

File size:
656.4 KB (672,151 bytes)

Product version:
6.5.8.0

Copyright:
Copyright© 2015, DeveloperInABox

Original file name:
iSpySetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\.be\ispysetup.exe

Digital Signature
Signed by:
DEVELOPERINABOX

Authority:
COMODO CA Limited

Valid from:
6/3/2015 6:00:00 AM

Valid to:
6/2/2018 5:59:59 AM

Subject:
CN=DEVELOPERINABOX, O=DEVELOPERINABOX, STREET=30 Riverslea Drive, L=Margaret River, S=Outside United States, PostalCode=6285, C=AU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FC1131649217340C9655FEF541399BDA

File PE Metadata
Compilation timestamp:
6/24/2015 5:50:34 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
12288:4X91EcGdlZBpdsB6MbFjFSRtsWPVoALYig/wLmnCT/d1LUCLyG3BjvrEH7etP:4X9FGdL/Ho7SxP6/ig/wLmnCT/d1LUId

Entry address:
0x2A6C7

Entry point:
E9, E9, 92, FE, FF, E9, 80, FE, FF, FF, 3B, 0D, 04, 80, 46, 00, F2, 75, 02, F2, C3, F2, E9, 61, 07, 00, 00, 55, 8B, EC, EB, 1F, FF, 75, 08, E8, 1A, 6C, 00, 00, 59, 85, C0, 75, 12, 83, 7D, 08, FF, 75, 07, E8, 29, 09, 00, 00, EB, 05, E8, 05, 09, 00, 00, FF, 75, 08, E8, 91, 6C, 00, 00, 59, 85, C0, 74, D4, 5D, C3, 55, 8B, EC, FF, 75, 08, E8, 32, 09, 00, 00, 59, 5D, C3, 55, 8B, EC, F6, 45, 08, 01, 56, 8B, F1, C7, 06, 50, F3, 45, 00, 74, 07, 56, E8, 17, 09, 00, 00, 59, 8B, C6, 5E, 5D, C2, 04, 00, CC, CC, CC, CC...
 
[+]

Entropy:
7.2166

Packer / compiler:
Xtreme-Protector v1.05

Code size:
291 KB (297,984 bytes)

Startup File (All Users Run Once)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
{5df0d80b-060a-450a-863d-6fb7ce7e02e0}

Command:
"C:\ProgramData\package cache\{5df0d80b-060a-450a-863d-6fb7ce7e02e0}\ispysetup.exe" \burn.runonce


Remove iSpySetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.