prepreinstaller_win.exe

The executable prepreinstaller_win.exe has been detected as malware by 6 anti-virus scanners. The file has been seen being downloaded from d1oxfv942d99ty.cloudfront.net.
MD5:
5a3f09ce696f481097d5f9cd000da2c5

SHA-1:
fb80019ff7ba36e854c664a17df23d05b155600e

SHA-256:
638c749f4148f37831c0bad443db836579f247c3c5e4c8448a3f8011f6e4e13a

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
11/24/2024 1:36:03 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Sality | 160111-0
ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0
Kaspersky | Virus.Win32.Sality | 15.0.0.562
McAfee | Trojan.Artemis!2877FED6BB1F | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.213.2452.0
VIPRE Antivirus | Threat.4758034 | 46552

File size:
354.5 KB (363,008 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\prepreinstaller_win.exe

File PE Metadata
Compilation timestamp:
1/11/2016 6:57:28 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:nwdsM0kU5eGs+1Fip4RveZqQYp1mQr57o+6mrr7zDZbE:S+1FzGYT57+mTlE

Entry address:
0x1446C

Entry point:
32, FD, 85, C0, 0F, CD, 87, F8, 81, F9, 2B, 64, 00, 00, 73, 02, 34, 5B, BE, 22, AB, 00, 00, B4, 9A, 81, C6, A8, 06, 00, 00, F6, D8, 68, 27, 9E, F4, 00, 77, 06, 69, CF, F0, 7E, D7, 1F, 80, E5, A7, 0F, B7, DE, 68, BA, 01, 00, 00, 5F, 0F, CD, 81, F7, BA, 01, 00, 00, 47, 43, 81, FF, EE, 01, 00, 00, 72, F6, 81, CD, DB, D5, 14, D2, 8D, 05, 83, 0F, 13, DC, E8, 4E, 00, 00, 00, 69, E8, 3B, C5, 4F, D3, 1A, F0, 81, F9, EC, 16, 00, 00, 70, 03, F6, C2, 70, 88, C2, FF, CA, 68, AE, 7E, 09, 00, 8D, 05, 97, 3C, 8B, 0A, 5D...
 

Entropy:
6.5246

Code size:
136.5 KB (139,776 bytes)

The file prepreinstaller_win.exe has been seen being distributed by the following URL.
