usb_protector2_setup.exe

USB Protector 2

Ajeesh M Sudhakaran

The executable usb_protector2_setup.exe (“Setup Launcher Unicode”) has been detected as malware by 8 anti-virus scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from download1us.softpedia.com.
Publisher:
Ajeesh M Sudhakaran

Product:
USB Protector 2

Description:
Setup Launcher Unicode

Version:
2.00.0000

MD5:
ced080a361f1a598ef7f654e7707d422

SHA-1:
1a13babdc1b4d219e4a55e7c0a3669780185053a

SHA-256:
9714408dd0972a49cf555f42131dc71992f9bacf91777cdc6cf10cee9a4a1a99

Scanner detections:
8 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/23/2024 10:33:51 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:SaliCode | 160708-3 |
| AVG | Win32/Sality | 2015.0.4604 |
| Emsisoft Anti-Malware | Win32.Sality | 16.07.16 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| Microsoft Security Essentials | Threat.Undefined | 1.225.1590.0 |
| Norman | Win32.Sality.3 | 28.05.2016 13:03:37 |
| VIPRE Antivirus | Threat.4721115 | 50536 |

File size:
2.3 MB (2,423,856 bytes)

Product version:
2.00.0000

Copyright:
Copyright (C) 2010 Flexera Software, Inc. and/or InstallShield Co. Inc. All Rights Reserved.

Original file name:
InstallShield Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\usb_protector2_setup.exe

File PE Metadata
Compilation timestamp:
10/18/2010 10:14:08 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:OJAXwHHelOhnr5PuWU2T1/ZeDsUcURiRJRv0XP6VRh5NRrGR:zwHewnrZuWtZ9doYvRVr5jSR

Entry address:
0x93C20

Entry point:
30, ED, 86, E6, 72, 02, 34, 52, 86, CE, 89, CA, 86, F6, 10, E8, F3, C7, C1, 67, 14, 41, 2C, BD, 5B, F8, D1, 35, F2, BE, 2A, 3B, 00, 00, 8B, FE, 84, DA, 86, D5, 81, F6, 9A, B7, 00, 00, 85, C9, 77, 05, 0F, B7, CE, 12, E6, 81, F6, 66, 04, 00, 00, 0F, BE, F9, FF, C2, 08, F6, 33, DB, F2, 29, FA, FE, CE, 8D, 1E, 0F, AF, D5, 85, CD, 89, EA, 81, F3, CE, 7C, 00, 00, 0F, B6, FB, 87, D9, 45, F3, F3, 0F, B6, EE, 69, C5, C4, 7A, 69, 65, 22, F6, E8, 21, 00, 00, 00, 69, F8, 1F, 6A, DC, 8D, EB, 0D, B9, 80, 20, C1, E4, 8D...

Entropy:
7.4105

Code size:
885 KB (906,240 bytes)

The file usb_protector2_setup.exe has been seen being distributed by the following URL.
