spyhunter-installer.exe

Installer

Enigma Software Group USA, LLC

The executable spyhunter-installer.exe has been detected as malware by 3 anti-virus scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from soft2secure.com. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
Enigma Software Group USA, LLC.  (signed by Enigma Software Group USA, LLC)

Product:
Installer

Description:
Enigma Installer

Version:
2.0.357.858

MD5:
c253794e2ab0348252124625379b48ae

SHA-1:
ee05194418996188e3895b398d064c8f65fc82af

SHA-256:
48136a86489c01096405fc7a8b55f935f3ef5ba57caa12d0501c20e05010195e

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
12/27/2024 6:26:33 PM UTC

Scan engine   Detection                  Engine version
avast!        Win32:Bolik-E              160518-2
F-Secure      Variant.Symmi.24103        5.15.96
Norman        Gen:Variant.Symmi.24103    19.05.2016 01:04:49

File size:
3.6 MB (3,797,888 bytes)

Product version:
2.0.357.858

Copyright:
Copyright 2003-2014. Enigma Software Group USA, LLC. All rights reserved.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\spyhunter-installer.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/25/2014 5:30:00 AM

Valid to:
5/27/2017 5:29:59 AM

Subject:
CN="Enigma Software Group USA, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Enigma Software Group USA, LLC", L=Clearwater, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4549D6525BEC58AA524A1CE9E786B4E9

File PE Metadata
Compilation timestamp:
11/27/2015 9:32:43 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:WEP+LQ0mh93FydSoT0Qugf21RJSiyf3PW41QQhpa:p+g93Fg3cRJng6Ma

Entry address:
0x141C85

Entry point:
81, C4, FC, FF, FF, FF, 89, 04, 24, 51, 81, EC, 04, 00, 00, 00, 89, 14, 24, 81, C4, FC, FF, FF, FF, 89, 1C, 24, 54, 55, 81, EC, 04, 00, 00, 00, 89, 34, 24, 57, 81, C4, FC, FF, FF, FF, 89, 2C, 24, 31, C9, 31, C0, 89, E5, 81, C4, E0, FF, FF, FF, 81, EC, 04, 00, 00, 00, C7, 04, 24, 00, 00, 00, 00, 8B, 1C, 24, 81, EC, FC, FF, FF, FF, 81, EC, 04, 00, 00, 00, C7, 04, 24, 00, 00, 00, 00, 5A, 81, C4, FC, FF, FF, FF, C7, 04, 24, 00, 00, 00, 00, 8B, 34, 24, 81, EC, FC, FF, FF, FF, 68, 00, 00, 00, 00, 5F, 81, BD, 0C...

Entropy:
7.3870

Code size:
1.7 MB (1,738,240 bytes)

The file spyhunter-installer.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

Powered by Reason Core Security