usbfix_2016_8.113.exe

The executable usbfix_2016_8.113.exe has been detected as malware by 6 anti-virus scanners. The program is a setup application that uses the Nullsoft Scriptable Install System installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from download5.fileeagle.com.
MD5:
2c0cc38c092df1a9398a9f53d282b5e4

SHA-1:
a39ef2b74ecca6f5e5aa4f46705eb329b3d6fa95

SHA-256:
6e69b3d14c0541e949d29ef08578c57b491ee63fd0194287ee2452012663ad43

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
12/28/2024 10:15:43 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Oncer
160708-3

AVG
Win32/Chir.B@mm
2015.0.4604

ESET NOD32
Win32/Chir.B virus
8.0.319.0

F-Prot
W32/Thecid.B@mm
4.6.5.141

Microsoft Security Essentials
Threat.Undefined
1.225.2311.0

VIPRE Antivirus
Threat.219451
50674

File size:
301.5 KB (308,776 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Language:
English (United States)

Common path:
C:\users\{user}\downloads\usbfix_2016_8.113.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:BpgpHzb9dZVX9fHMvG0D3XJZeFzcL6SnNIas8qIHRZun1g3qFq9/RU8eIisKldRh:7gXdZt9P6D3XJZW+fFHScL9/z8Vh

Entry address:
0x7A22C

Entry point:
60, E8, E6, 19, 00, 00, 8B, 74, 24, 20, E8, 08, 00, 00, 00, 61, 68, FA, 30, 40, 00, C3, E9, 59, E8, 01, 16, 00, 00, 81, E6, 00, F0, FF, FF, 81, EE, 00, 10, 00, 00, 66, 81, 3E, 4D, 5A, 75, F3, 0F, B7, 7E, 3C, 03, FE, 8B, 6F, 78, 03, EE, 8B, 5D, 20, 03, DE, 33, C0, 8B, D6, 83, C3, 04, 40, 8B, 3B, 03, FA, E8, 0F, 00, 00, 00, 47, 65, 74, 50, 72, 6F, 63, 41, 64, 64, 72, 65, 73, 73, 00, 5E, 33, C9, B1, 0F, FC, F3, A6, 75, DA, 8B, F2, 8B, 5D, 24, 03, DE, 0F, B7, 0C, 43, 8B, 5D, 1C, 03, DE, 8B, 1C, 8B, 03, DE, 81...
 
[+]

Packer / compiler:
ASPack v1.08.04

Code size:
23.5 KB (24,064 bytes)

The file usbfix_2016_8.113.exe has been seen being distributed by the following URL.

Remove usbfix_2016_8.113.exe - Powered by Reason Core Security