visxsd20-61973257.exe

ProInstall Applications SRL

The application visxsd20-61973257.exe by ProInstall Applications SRL has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.proinstall-download.com.
Publisher:
ProInstall Applications SRL  (signed and verified)

MD5:
411db555b1ed1f55d22ee2ccb51e3c0b

SHA-1:
886708c15c4c7af47da6f85130ad5a64699202fa

SHA-256:
fe8bf99a4f48f88720805083a6c4d62b64796161a2f0369d21fb9b0d11a40485

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/27/2024 8:50:37 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ProInstall (M)
16.7.29.18

File size:
74 KB (75,752 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\visxsd20-61973257.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/30/2014 1:00:00 AM

Valid to:
12/31/2015 12:59:59 AM

Subject:
CN=ProInstall Applications SRL, OU=iops, O=ProInstall Applications SRL, STREET="Bd Decebal 25-29, Et 10", STREET=Spatiul 9.1 Camera A, L=Bucuresti, S=Sector 3, PostalCode=030964, C=RO

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FECC76E020238D75DD6868F2328F702F

File PE Metadata
Compilation timestamp:
2/24/2012 8:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:kVdePelp2Xy+tuQOzOYE5aXPn8CwF8eX4pNy2NLpBWTaFeiC:XweqOYEUXPn8CaX4djBdFI

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file visxsd20-61973257.exe has been seen being distributed by the following URL.

Remove visxsd20-61973257.exe - Powered by Reason Core Security