openvpn-install-2.3.11-i601-i686.exe

The executable openvpn-install-2.3.11-i601-i686.exe has been detected as malware by 5 anti-virus scanners. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from swupdate.openvpn.org.
MD5:
79a628bb5893456bb1fa1a6e83e992be

SHA-1:
8da560d4165e42f76abf4e7a5c0ef5ddfbf9bf55

SHA-256:
62be8481c1e5d12c30af9ed8ab5d107b1c258b194c47229e38bf1d5855f92c40

Scanner detections:
5 / 68

Status:
Malware

Explanation:
This is part of the Crossrider Internet browser extension framework, which may modify the user's web browser settings, including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
11/27/2024 1:57:51 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:SaliCode | 160518-2 |
| ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| Microsoft Security Essentials | Threat.Undefined | 1.225.1590.0 |
| VIPRE Antivirus | Threat.4721115 | 50536 |

File size:
1.7 MB (1,808,000 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\downloads\openvpn-install-2.3.11-i601-i686.exe

File PE Metadata
Compilation timestamp:
9/30/2014 11:55:43 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
24576:eZhPzVzt6QbzhnjFaO95n3wT2VOaOzTqoHDFbRRkVFcWqIrro+gWgXUv3hTiVsht:ePJl91wTTf7HhjkQMro/X+wVs02V

Entry address:
0x4105

Code size:
34 KB (34,816 bytes)

The file openvpn-install-2.3.11-i601-i686.exe has been seen being distributed by the following URL.
