receiver_install.exe

The executable receiver_install.exe has been detected as malware by 1 anti-virus scanner. This is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from citrix.statsbygg.no.
MD5:
6c92918a2bb144ed87eb65d0d5ce5bf7

SHA-1:
541b344dc56197deb41af72883c4a453cf2a15a6

SHA-256:
1ebcb7f591e8f97b6926a9a4eebd281d4666490c39ffd27ca874efc6aeccb65b

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/16/2024 11:44:58 AM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.4.22.2

File size:
56.8 MB (59,578,368 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\downloads\receiver_install.exe

File PE Metadata
Compilation timestamp:
8/2/2014 1:33:12 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
2.50

CTPH (ssdeep):
1572864:4vL/SACRd19CfrN/2NVOa8twhpwermGc7AjM8fbi:gPCRf9urN/2H8g+OmZ7AgEbi

Entry address:
0x1000

Entry point:
48, 83, EC, 28, 49, C7, C0, B8, 01, 00, 00, 48, 31, D2, 48, B9, B8, E5, 00, 40, 01, 00, 00, 00, E8, 6F, 31, 00, 00, 48, 31, C9, E8, 7F, 31, 00, 00, 48, 89, 05, 94, D5, 00, 00, 4D, 31, C0, 48, C7, C2, 00, 10, 00, 00, 48, 31, C9, E8, 6C, 31, 00, 00, 48, 89, 05, 73, D5, 00, 00, E8, A6, 97, 00, 00, E8, 6D, 88, 00, 00, E8, 9C, 7C, 00, 00, E8, 23, 60, 00, 00, E8, 0E, 52, 00, 00, E8, CD, 4D, 00, 00, E8, 50, 3B, 00, 00, E8, BF, 37, 00, 00, 49, C7, C1, 07, 00, 00, 00, 49, B8, 40, D2, 00, 40, 01, 00, 00, 00, 48, 8D...
 

Code size:
38 KB (38,912 bytes)

The file receiver_install.exe has been seen being distributed by the following URL.
