435590_setup.exe

Instyler Ex-it!

TiP Sp. z o.o.

The executable 435590_setup.exe has been detected as malware by 7 anti-virus scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.programosy.pl and multiple other hosts.
Publisher:
Instyler® Software  (signed by TiP Sp. z o.o.)

Product:
Instyler Ex-it!

Version:
1.70

MD5:
fd33e421b5864b951793e7f04ae87615

SHA-1:
4aecfc867318c1c282db3a037aeca7e1f0599ba7

SHA-256:
ee261079d589a9e0376802b3425637914130a4a65c0fdbfc93a4f50742561a8b

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
4/23/2024 5:51:52 AM UTC  (today)

Scan engine | Detection | Engine version
Clam AntiVirus | Win.Trojan.Agent-314656 | 0.98/18155
Dr.Web | Trojan.MulDrop3.46750 | 9.0.1.0249
McAfee | Artemis!FD33E421B586 | 5600.7016
NANO AntiVirus | Trojan.Win32.Joiner.diof | 0.26.0.55041
Rising Antivirus | Trojan.DL.Microjoin.eu | 23.00.65.14904
Vba32 AntiVirus | Backdoor.IRC.Kelebek | 3.12.24.2
ViRobot | Trojan.Win32.Downloader.1150977 | 2011.4.7.4223

File size:
5.4 MB (5,705,872 bytes)

Product version:
1.70

Copyright:
Copyright © 2002 Instyler® Software

Trademarks:
Instyler® Software

Original file name:
stub.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\435590_setup.exe

Digital Signature
Signed by:

Authority:
E-Telbank Sp. z o.o.

Valid from:
10/4/2004 9:35:29 AM

Valid to:
10/23/2005 8:14:11 AM

Subject:
STREET=Ceglana 4, L=40-514 Katowice, E=ejanota@tip.net.pl, CN=TiP Sp. z o.o., O=TiP Sp. z o.o., C=PL

Issuer:
CN=PolCert Object Publishing CA, OU=PolCert Object Publishing CA, O=E-Telbank Sp. z o.o., C=PL

Serial number:
010000000000FF631437FF

File PE Metadata
Compilation timestamp:
7/29/2002 3:39:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
98304:qTEvrejyOhNeZNMgJsm2+56uXLTEOQgL6r6DT/LJWzNCQtQisq1WWfUeoBw4:gEvrkyG++Csm2qX/6gLwGFetQizfUJ

Entry address:
0x1000

Entry point:
6A, 00, E8, 13, 00, 00, 00, 50, E8, 4B, 00, 00, 00, 50, E8, 01, 00, 00, 00, CC, FF, 25, 28, 40, 40, 00, FF, 25, 04, 40, 40, 00, FF, 15, 14, 40, 40, 00, 8A, 08, B2, 22, 3A, CA, 75, 13, 8A, 48, 01, 40, 3A, CA, 74, 04, 84, C9, 75, F4, 38, 10, 75, 0E, 40, EB, 0B, 80, F9, 20, 7E, 06, 40, 80, 38, 20, 7F, FA, 8A, 08, 84, C9, 74, 05, 80, F9, 20, 7E, E7, C3, 55, 8B, EC, 81, EC, BC, 05, 00, 00, 53, 56, 57, BE, 30, 50, 40, 00, 8D, 7D, D4, 83, 4D, E0, FF, A5, A5, 33, DB, 89, 5D, C8, 89, 5D, F0, A4, FF, 15, 10, 40, 40...

Entropy:
7.9987  (probably packed)

Code size:
9 KB (9,216 bytes)

The file 435590_setup.exe has been seen being distributed by the following 2 URLs.

http://www.programosy.pl/.../pobierz,slownik-angielsko-polski,2.html

Remove 435590_setup.exe - Powered by Reason Core Security