SilentInstaller_dotnet2.exe

am2703

The application SilentInstaller_dotnet2.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from d14940vm2n7yym.cloudfront.net.
Product:
am2703

Version:
3.0.2.7

MD5:
35f8f4e723e8a096421a67198e50bd03

SHA-1:
9bff2b4db6951230f0df21abc445f806a8b8b87a

SHA-256:
e567c8eb3e88263e0ba06b5554d3f6153493e6a7289362851ad50948b5286ccf

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/28/2025 1:42:39 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Evo-gen [Susp] | 160327-1
ESET NOD32 | MSIL/Adware.Imali.C application | 8.0.319.0

File size:
313.5 KB (321,024 bytes)

Product version:
3.0.2.7

Copyright:
Copyright © 2016

Original file name:
SilentInstaller_dotnet2.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\silentinstaller_dotnet2.exe

File PE Metadata
Compilation timestamp:
7/16/2006 2:04:37 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:RFZT8qbTR7SquD4L8vioH/X8i9DLnHWcefjVo8bS5V+tdqIL:bZwgVxGq86oH/MKvnolgPq

Entry address:
0x4F23E

Entry point:
FF, 25, 00, 20, 40, 00, F5, 42, 83, CA, 54, 10, DD, 42, 83, E8, 02, E9, E7, 00, 00, 00, 10, 7C, 86, 00, 90, 7A, E2, 5E, 00, A3, 59, 00, C6, 00, 00, 00, 8A, 0B, E1, 1B, 5D, 36, D3, 95, 3D, 62, 6C, DF, 00, 2E, 8A, 78, 3A, 00, 4A, 87, D2, 8D, 17, 68, 3A, 6B, 00, 00, F8, 58, EB, 5B, 00, 00, 00, 22, E5, 1F, A0, A9, 74, 60, 54, 25, 06, 20, 82, D8, 4C, 64, EE, 7B, 43, AA, 87, E6, 30, 83, 7E, DE, D4, DF, A7, 00, 30, 49, 70, E8, 74, 57, 0D, CB, 00, 33, 2E, 00, C3, 00, 2B, 00, DC, BB, 00, F8, 2D, FD, 2F, 0F, D8, DF...
 

Entropy:
7.8827

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
309 KB (316,416 bytes)

The file SilentInstaller_dotnet2.exe has been seen being distributed by the following URL.
