spyhunter-installer.exe

Installer

Enigma Software Group USA, LLC

This is a setup and installation application. This is the uninstaller utility registered in the Windows Control Panel for the program SpyHunter 4 by Enigma Software Group, LLC. This file is installed with the program SpyHunter 4. The file has been seen being downloaded from static.letoltokozpont.hu and multiple other hosts.
Publisher:
Enigma Software Group USA, LLC.  (signed by Enigma Software Group USA, LLC)

Product:
Installer

Description:
Enigma Installer

Version:
1.0.304.468

MD5:
3d7352be4db5e2aede7b213979ba58d3

SHA-1:
3bc673cbf8113d353eec86543b874a3bec1f0650

SHA-256:
2354ca9ac2bf9e8fe2d002ae39a3d0d8a5f166555f360366d9c1a7efa4d9169f

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/23/2024 12:42:33 PM UTC  (today)

Scan engine | Detection | Engine version
herdProtect (fuzzy) | | 2015.6.12.23

File size:
3 MB (3,109,248 bytes)

Product version:
1.0.304.468

Copyright:
Copyright 2003-2014. Enigma Software Group USA, LLC. All rights reserved.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\spyhunter-installer.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/25/2014 10:00:00 AM

Valid to:
5/27/2017 9:59:59 AM

Subject:
CN="Enigma Software Group USA, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Enigma Software Group USA, LLC", L=Clearwater, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4549D6525BEC58AA524A1CE9E786B4E9

File PE Metadata
Compilation timestamp:
2/5/2015 1:29:32 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:nofWMhHLldBJ44tfw06Whe8qjKuWgvTLATOuocv+VRJSg8jF60fk3AfMg:oDhHLld04tfVrhbqjKnodOMJSi0fk3Ax

Entry address:
0x12B35F

Entry point:
E8, BE, 1B, 01, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 33, DB, 39, 5D, 08, 75, 04, 33, C0, EB, 44, 56, 57, FF, 75, 08, E8, 5B, D1, 00, 00, 8B, F0, 46, 6A, 02, 56, E8, 32, 00, 00, 00, 8B, F8, 83, C4, 0C, 3B, FB, 74, 22, FF, 75, 08, 56, 57, E8, 72, 89, 00, 00, 83, C4, 0C, 85, C0, 74, 0D, 53, 53, 53, 53, 53, E8, B7, E6, FF, FF, 83, C4, 14, 8B, C7, EB, 02, 33, C0, 5F, 5E, 5B, 5D, C3, 8B, FF, 55, 8B, EC, 51, 83, 65, FC, 00, 56, 8D, 45, FC, 50, FF, 75, 0C, FF, 75, 08, E8, DD, 1B, 01, 00, 8B, F0, 83, C4...
 

Entropy:
7.2301

Code size:
1.6 MB (1,643,520 bytes)

Program Uninstaller
Program name:
SpyHunter 4

Display publisher:
Enigma Software Group, LLC

Display version:
4.19.13.4482

Uninstall string:
C:\users\{user}\appdata\roaming\enigma software group\sh_installer.exe -r sh


The file spyhunter-installer.exe has been discovered within the following program.

SpyHunter 4  by Enigma Software Group
www.enigmasoftware.com
43% remove it
 

The file spyhunter-installer.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 50 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):
