libusb-win32-devel-filter-1.2.6.0.exe

LibUSB-Win32

The executable libusb-win32-devel-filter-1.2.6.0.exe, “LibUSB-Win32 Setup”, has been detected as malware by 5 anti-virus scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.lgtool.net.

Publisher:
LibUSB-Win32

Product:
LibUSB-Win32

Description:
LibUSB-Win32 Setup

Version:
1.2.6.0

MD5:
eb3276da60be35fd1c5a9a0b366d302d

SHA-1:
95febd0ba26a8e735624c731113781bab31f4bee

SHA-256:
107222485eb1e37a77b01030a1bb1ea236b6b84503636eaaa2af5f1cd9960f01

Scanner detections:
5 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/23/2024 11:31:21 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:SaliCode | 160518-2
AVG | Win32/Sality | 2015.0.4604
Emsisoft Anti-Malware | Win32.Sality | 11.5.0.6191
ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0
Norman | Win32.Sality.3 | 19.05.2016 01:04:49

File size:
694.5 KB (711,121 bytes)

Product version:
1.2.6.0

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\documents and settings\administrateur\mes documents\downloads\libusb-win32-devel-filter-1.2.6.0.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:b39khMK+5pckr9weWqxu4gWCLeUvnGEeffY++BLCwy5wvnKGMwDzdsKLQ4Qd:b3WhH+DR9P5FUvnGVffrMLC15wvnPdsn

Entry address:
0x9C18

Entry point:
84, CB, 09, DD, 35, 8B, 4E, E5, 0D, 8D, 05, 6B, 7D, 5A, 24, 8D, 2D, 25, B5, FD, 15, 10, EE, 0F, BE, CD, C6, C0, D8, F2, 88, C3, F7, C7, DD, 46, 9E, 13, 30, C7, 84, E0, 0F, AF, FE, 0F, B7, DB, 8D, 0E, F2, 81, E5, 84, C3, 99, 89, 22, E4, 4F, 51, 19, FF, 23, FD, C7, C7, BF, 13, 81, 6A, 5A, 0F, AF, EB, 69, F8, 7D, 2B, 18, 81, 2A, DC, BF, 91, F7, 20, 11, 86, E8, 8B, C7, 2B, F2, 74, 02, 87, C0, F3, B9, 7D, 5E, F7, 02, EB, 0B, C6, C3, B9, 25, D5, 7A, 3E, 5D, 0F, AF, C5, 68, 69, A5, 42, 00, FE, C4, 42, 30, D9, E8...
Code size:
37 KB (37,888 bytes)

The file libusb-win32-devel-filter-1.2.6.0.exe has been seen being distributed by the following URL.
