» t23448.exe
Overview
Analysis
File Details
Downloads (1)

t23448.exe

The application t23448.exe has been detected as a potentially unwanted program by 17 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from freesite-go.com.

File name:

t23448.exe

Version:

1.0.0.0

MD5:

b78f0169e279f69e087d4b6398510322

SHA-1:

da0b0ba7aa034407a2b0c71367efcd71a09de260

SHA-256:

5df4b25037bc10ab9affb06c85314bf9a21e137425919ff9831c4aa2658ce2fe

Scanner detections:

17 / 68

Status:

Potentially unwanted

Analysis date:

12/26/2024 9:50:01 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.Agent

7.1.1

AhnLab V3 Security

PUP/Win32.InstallMonster

2014.09.23

Avira AntiVirus

APPL/InstallMon.enib

7.11.189.40

avast!

Win32:InstallMonstr-GC [PUP]

2014.9-141202

AVG

Generic

2015.0.3272

Dr.Web

Trojan.InstallMonster.979

9.0.1.0265

ESET NOD32

Win32/InstallMonstr.FS (variant)

8.10448

F-Prot

W32/A-1572098d

v6.4.7.1.166

K7 AntiVirus

Unwanted-Program

13.186.14161

Kaspersky

not-a-virus:AdWare.Win32.InstallMonster

14.0.0.2857

NANO AntiVirus

Riskware.Win32.InstallMonster.dhyvgp

0.28.6.63726

Norman

InstallMonstr.V

11.20141202

Reason Heuristics

Threat.Win.Reputation.IMP

14.12.2.12

Sophos

Install Monster

4.98

Vba32 AntiVirus

TScope.Trojan.Delf

3.12.26.3

VIPRE Antivirus

Threat.4150696

35088

Zillya! Antivirus

Adware.InstallMonster.Win32.40

2.0.0.1994

File size:

3.9 MB (4,052,707 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\t23448.exe

File PE Metadata

Compilation timestamp:

6/20/1992 2:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:Yy5YOO9IT99BxyjeWYwcTZCUfVKwq85D6j:D5YOPD5WYVwx8Yj

Entry address:

0x8115F0

Entry point:

60, BE, 00, E0, 8F, 00, 8D, BE, 00, 30, B0, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Packer / compiler:

UPX 2.90LZMA

Code size:

3.1 MB (3,227,648 bytes)

The file t23448.exe has been seen being distributed by the following URL.

http://freesite-go.com/eyJzaWQiOiI0OTY4IiwidmVyIjoiMSIsInVybCI6Imh0dHA6XC9cL21heHRvcnJlbnQucHJvXC9NYXhUb3JyZW50LmV4ZSIsIm5hbWUiOiJ0MjM0NDgiLCJ0eXBlIjoiZGlzayIsInNpemUiOiIzNTY1MTU4Iiwic3ViX2lkMiI6IjM1MDM0MTg2In0,

Remove t23448.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.