prepreinstaller_win.exe

The executable prepreinstaller_win.exe has been detected as malware by 9 anti-virus scanners. The file has been seen being downloaded from d2jehvtm7m3bf.cloudfront.net.
MD5:
4cde388cebeca7774ec0308468a1a442

SHA-1:
b03aae0c6c8030c1bf6343d13d3c04dfc3dcf61f

SHA-256:
4c3b619f031a088232baf2f72cd054cf7fee206fabc798a3b205394349863244

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
11/25/2024 2:04:09 AM UTC

Scan engine                    Detection                Engine version
avast!                         Win32:Vitro              160215-2
Dr.Web                         Win32.Virut.56           9.0.1.05190
Emsisoft Anti-Malware          Win32.Virtob.Gen.12      10.0.0.5366
ESET NOD32                     Win32/Virut.NBP virus    7.0.302.0
F-Prot                         W32/Sality.D.gen         4.6.5.141
Kaspersky                      Virus.Win32.Virut        15.0.0.562
McAfee                         Virus.W32/Virut.n.gen    18.0.204.0
Microsoft Security Essentials  Threat.Undefined         1.213.6352.0
VIPRE Antivirus                Threat.4120919           47240

File size:
361.5 KB (370,176 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\prepreinstaller_win.exe

File PE Metadata
Compilation timestamp:
8/3/2081 2:20:06 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:GSMsVU2XdzRVcaAyJmOl9N7m66e/3dk5vVcBEzuTCluo1/zIPH6kXdnofcIm:ztNA5u9tm66e/tmKRT2kZdnofc

Entry address:
0x5EA39

Entry point:
83, EC, 30, 60, 83, C4, 24, 71, 00, E8, 62, B4, FF, FF, 03, 5C, 24, FC, 2A, DB, 83, EB, 3C, 83, EB, 44, 0F, B7, 93, BC, 1C, 00, 00, 81, D2, 2B, EE, FF, FF, 0F, 89, E7, FF, FF, FF, 8B, 94, 1A, 56, 2E, 00, 00, 66, 83, FA, 45, 75, DA, 90, 87, FF, 90, 03, 93, 80, 1C, 00, 00, 66, 81, F2, 92, 5A, 75, C9, A8, 94, B2, 7B, 68, CC, 3C, 63, CC, 81, C3, 80, 1C, 00, 00, E8, 99, B4, FF, FF, 89, 74, 24, 44, E8, 10, FF, FF, FF, 83, F8, 04, 89, 44, 24, 34, 0F, 8C, C8, B3, FF, FF, 64, A1, 18, 00, 00, 00, 83, F8, 00, 7C, 0C...
 

Entropy:
7.0943

Code size:
97 KB (99,328 bytes)

The file prepreinstaller_win.exe has been seen being distributed by the following URL.
