prepreinstaller_win.exe

The application prepreinstaller_win.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from d1zdkfpem6m5yk.cloudfront.net.
MD5:
af7082f4cb00098fd9348e138725c405

SHA-1:
bf6cea1ce387f563dbabb9d67e03872249627ff4

SHA-256:
98f029a35f470e0bf62b15d9046edf08b306e739398d64245c98af8f25521fea

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/23/2024 8:56:38 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Parite | 160327-1
Dr.Web | Trojan.Crossrider1.55980 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Parite | 10.0.0.5735
ESET NOD32 | Win32/Parite.A virus | 7.0.302.0
F-Prot | W32/Parite.A | 4.6.5.141
F-Secure | Win32.Parite.A | 5.15.96
Kaspersky | Virus.Win32.Parite | 15.0.0.562
McAfee | Virus.W32/Pate.a | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.217.49.0
Norman | Win32.Parite.A | 29.03.2016 06:29:16

File size:
500.8 KB (512,772 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\prepreinstaller_win.exe

File PE Metadata
Compilation timestamp:
11/26/2015 4:01:21 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:1VIBwSR+zHKtr8lmCadkD4Z55pozpBpYb:1zlHKtr8lmCa2D4/56fg

Entry address:
0x56000

Entry point:
B9, 02, 0C, 33, 00, 68, 1E, 60, 45, 00, 5E, 68, C4, 06, 00, 00, 5F, FF, 34, 3E, 31, 0C, 24, 8F, 04, 3E, 83, EF, 04, 75, F2, 90, 90, 90, EA, 71, 32, 00, 02, 0C, 33, 00, 02, 0C, 73, 00, 11, 5E, 32, 00, 02, 10, 36, 00, 06, 2F, 36, 00, 02, BC, 31, 00, 03, 0C, 33, 00, 0A, BC, 71, 00, 98, 64, 70, 00, B2, 64, 70, 00, FE, 58, 30, 00, 9A, 64, 30, 00, AC, 64, 30, 00, 0A, 92, 31, 00, 9A, 64, 30, 00, AC, 64, 30, 00, 02, 0C, 33, 00, 02, 0C, 33, 00, 02, 0C, 33, 00, 02, 0C, 33, 00, 02, 0C, 33, 00, 02, 0C, 33, 00, 02, 0C...
 

Entropy:
7.1168

Code size:
166.5 KB (170,496 bytes)

The file prepreinstaller_win.exe has been seen being distributed by the following URL.

Remove prepreinstaller_win.exe - Powered by Reason Core Security