setup_winsadib1003.exe

The executable setup_winsadib1003.exe has been detected as malware by 9 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.huzar.pl.
MD5:
aee9f6a58368d4bcb89720972baedec1

SHA-1:
ad13fdedb8bc8744fe10f7fd0dcbe46c2a98d7ac

SHA-256:
ee7cd9f58616b69c084c6854b7cdd0e3a765660396e36b5f5575c59d9696e804

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
11/16/2024 2:47:10 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/Agent.19480064 | 7.11.185.18 |
| avast! | Win32:Malware-gen | 2014.9-160226 |
| Dr.Web | Trojan.Click3.9617 | 9.0.1.057 |
| F-Prot | W32/Dropper.gen8 | v6.4.7.1.166 |
| G Data | Win32.Trojan.Agent.W7S34Q | 16.2.24 |
| IKARUS anti.virus | Trojan.Agent | t3scan.1.8.3.0 |
| McAfee | Artemis!AEE9F6A58368 | 5600.6477 |
| NANO AntiVirus | Trojan.Win32.Click3.diluuz | 0.28.6.63362 |
| Trend Micro House Call | Suspicious_GEN.F47V1107 | 7.2.57 |

File size:
18.6 MB (19,480,064 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\setup_winsadib1003.exe

File PE Metadata
Compilation timestamp:
8/29/2014 3:41:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.25

CTPH (ssdeep):
393216:UYna3F0gxYoZX+02STpHytrAcuoVYnWZTBh9tQ5dK2UAOGFw:IpKoZcSTpSWcuoVHTBh9t8duEFw

Entry address:
0x1228C

Entry point:
55, 8B, EC, 83, C4, EC, 33, C0, 89, 45, EC, A1, E8, 3B, 41, 00, C6, 00, 01, B8, 58, 19, 41, 00, E8, 9B, 41, FF, FF, 33, C0, 55, 68, 14, 23, 41, 00, 64, FF, 30, 64, 89, 20, 8D, 45, EC, E8, D9, 5C, FF, FF, 8B, 55, EC, B8, DC, 89, 41, 00, E8, 08, 2A, FF, FF, 33, C0, 55, 68, F7, 22, 41, 00, 64, FF, 30, 64, 89, 20, E8, 09, F0, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, 68, FE, 22, 41, 00, A1, DC, 89, 41, 00, E8, AE, 5C, FF, FF, C3, E9, 04, 23, FF, FF, EB, EE, 33, C0, 5A, 59, 59, 64, 89, 10, 68, 1B, 23, 41, 00, 8D...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
67.5 KB (69,120 bytes)

The file setup_winsadib1003.exe has been seen being distributed by the following URL.
