spyhunter-installer.exe

Installer

Enigma Software Group USA, LLC.

The executable spyhunter-installer.exe has been detected as malware by 6 anti-virus scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from RevenueWire's affiliate distribution platform mayshare.enigma.revenuewire.net. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
Enigma Software Group USA, LLC.

Product:
Installer

Description:
Enigma Installer

Version:
2.0.357.858

MD5:
dd3c7a4eece4cf91183543f6454b2bcf

SHA-1:
3d333bd7f414a25782836f6fa4291d83a1cf933c

SHA-256:
718cf7a346fe51b05b0a111e4df235be2864fc037f924186976ad6bbc924b88c

Scanner detections:
6 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/25/2024 12:28:31 AM UTC

Scan engine              Detection                 Engine version
avast!                   Win32:SaliCode            160518-2
AVG                      Win32/Sality              2015.0.4591
Emsisoft Anti-Malware    Win32.Sality              11.5.0.6191
ESET NOD32               Win32/Sality.NBA virus    8.0.319.0
F-Prot                   W32/Sality.gen2           4.6.5.141
Norman                   Win32.Sality.3            22.05.2016 07:18:28

File size:
3.2 MB (3,360,128 bytes)

Product version:
2.0.357.858

Copyright:
Copyright 2003-2014. Enigma Software Group USA, LLC. All rights reserved.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
11/27/2015 6:02:43 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:IEP+LQ0mh93FydSop0QugfH1RJSiyf3PWD/:f+g93FgV5RJng0/

Entry address:
0x141C85


Entropy:
7.2569

Code size:
1.7 MB (1,738,240 bytes)

The file spyhunter-installer.exe has been seen being distributed from the following URL:
mayshare.enigma.revenuewire.net

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com (173.192.190.227:443)

Remove spyhunter-installer.exe - Powered by Reason Core Security