sinstall.exe

The application sinstall.exe has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from i1.coolinary.info.
MD5:
e539968e064bd62ac5194ad88c0bd608

SHA-1:
f6474e43646b33d418dac8e02c004e2020908d4d

SHA-256:
55c4baed4cd34ba9be8096e0f1a6a2703ce4d01139a01ba5f971189e210e71d2

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/25/2024 5:47:01 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.SInstaller (M)

Engine version:
16.5.31.0

File size:
1.1 MB (1,196,043 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\sinstall.exe

File PE Metadata
Compilation timestamp:
1/21/2014 1:59:56 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:+3aGV+ZyRm+GRVjtNjwcNvl30Ha77XdA8BE0DkeDQ9jY7yncuc8:+KGV+kmJLnNvlQOBMeUBY73uc8

Entry address:
0x120000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, A8, A6, 01, 20, 2B, 85, 0F, AE, 01, 20, 89, 85, 0B, AE, 01, 20, B0, 00, 86, 85, 40, B0, 01, 20, 3C, 01, 0F, 85, BC, 01, 00, 00, 83, BD, 3B, AF, 01, 20, 00, 74, 33, 83, BD, 3F, AF, 01, 20, 00, 74, 2A, 8B, 85, 0B, AE, 01, 20, 2B, 85, 3B, AF, 01, 20, 8B, 00, 89, 85, 78, AF, 01, 20, 8B, 85, 0B, AE, 01, 20, 2B, 85, 3F, AF, 01, 20, 8B, 00, 89, 85, 7C, AF, 01, 20, EB, 61, 83, BD, 43, AF, 01, 20, 00, 74, 58, 8B, 85, 0B, AE, 01, 20, 2B, 85, 43, AF, 01, 20, FF, 30, 8D, 85...
 

Packer / compiler:
ASPack v1.08.04

Code size:
861 KB (881,664 bytes)

The file sinstall.exe has been seen being distributed by the following URL.
