» aresregular231_installer.exe
Overview
Analysis
File Details
Downloads (36)

aresregular231_installer.exe

The executable aresregular231_installer.exe has been detected as malware by 2 anti-virus scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from cdn.baixakicityfiles.com and multiple other hosts.

File name:

MD5:

d6ef98058a65bebc61c73aae24d6125a

SHA-1:

7bfba3bb4f13b3e4af5c2cd90ad89aa4b9b0cee3

SHA-256:

2e32fef6e98d95dd6c9f0f4e91b6e87e4ca92617365ec79c8d89354edb0b5c96

Scanner detections:

2 / 68

Status:

Malware

Analysis date:

5/7/2024 1:28:53 PM UTC (today)

Scan engine

Detection

Engine version

Clam AntiVirus

Win.Trojan.Banker-14020

0.98/21511

Reason Heuristics

(M)

16.6.6.21

File size:

4.4 MB (4,650,892 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\aresregular231_installer.exe

File PE Metadata

Compilation timestamp:

12/5/2009 11:50:52 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

98304:bwXgDFTtfo3Aek6wVtYK6GXEsOF4+XwliAKEGZva8hKXI:tFTtfYAhbCWbRGZva1XI

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file aresregular231_installer.exe has been seen being distributed by the following 36 URLs.

http://cdn.baixakicityfiles.com/c?x=ghOF1oPp WUPI5zICcXVdjAjzl8zIYwSvpT2l l2Gpc=&c=snnUS0z2IAuc0nA43t0bDBU20hx9 EiNhGSYnYMhPtKHr9H9uXmX9h/JQs7w5PvgMZafxGxyIP TFXtq5BpaHfyOoJ2w CxCeMq4KARna32s3SXgn1lWZG4W5vLJk7di6KPdsGoa/pvWcVb3hifMOw==&downloadAs=ares-galaxy-32-bits.exe&fallback_url=http://sourceforge.net/projects/aresgalaxy/files/aresgalaxy/AresRegular231_072615/.../download?nowrap

http://cdn.baixakicityfiles.com/c?x=ecOO2JiwfqyJRjQGVyLR3YM3l1sbkzIi8bRVcsTNjeU=&c=qWLeUYXu3S kgFGtzciIFpXZRxAs3fzKE4NATJCPjTwwUbMwr 6kN3lhlSi8qlCT7kKRq7KmfyGZkIlqhurBP2Vzvku8oILk0TOGo25DjhDu7Gnud1UvXbaTO0NhqrLm9a3M7CdWZLaSzEhd0MriQ==&downloadAs=ares-galaxy-32-bits.exe&fallback_url=http://sourceforge.net/projects/aresgalaxy/files/aresgalaxy/AresRegular231_072615/.../download?nowrap

http://cdn.baixakicityfiles.com/c?x=3AyKPOQfqShV//N8eY5qD9jJycBl28y2cFzPIFUve7w=&c=N1rKxEigwC4A9gMIZU02WXBd1xnDa1PGFjxvkVCyMOt0fQnJ8vQGo/QbUeax VwpGXl5lgIef0vFByrXouFuEYzFaXD FXjm0LNs2nkoNleKSrFNC/R heSNNtiGn1SdLsiM2TIV0kbtnuRjwR0S9A==&downloadAs=ares-galaxy-32-bits.exe&fallback_url=https://sourceforge.net/projects/aresgalaxy/files/aresgalaxy/AresRegular232_082715/.../download?nowrap

http://dl1.filesoul.com/.../Ares-2-3-1.exe

http://filehippo.com/es/download/file/.../

http://www.filehorse.com/download/file/.../

http://filehippo.com/es/download/file/.../

http://www.filehorse.com/download/file/.../

http://cdn.baixakicityfiles.com/c?x=7SOtUNsuROSkHcatzoQSkQkQ2NIOcTI1LIZ6H0zN/SU=&c=Hoo/xmWq7EqwshMHA/mFsIjV2HOyL8RWP0KJ0f0EDOQe7nRH6vEa LsUeO/4sKAvQ Y22Ae8Nljl8wgQ/KgNxx0aYzCSKtdkQsnG xdq460DocFL0p3TyD/wffry2vIgoXAdYQr1EA56XHHgrpVqqQ==&downloadAs=ares-galaxy-32-bits.exe&fallback_url=http://sourceforge.net/projects/aresgalaxy/files/aresgalaxy/AresRegular231_072615/.../download?nowrap

http://p_descargar-mp3-es_ares.foramuinareqy.com/crawled_soft/.../2/22461-679957-ares.exe

http://filehippo.com/download/file/.../

http://cdn.baixakicityfiles.com/c?x=4gbbOlQLMHNrfoR6LzxnOwO69g0TGJewqtoxfTpo2k4=&c=HJ1nsaU69k3sD12FrattIq3lVFMjswvSBWcySuph3QvD5nCXczJ/GVr/yP23kVWfFmJDZMSSy1EK1X/K9JOeJT dmRnR1ZnLcSlHvdhs VNAakvjaiviaNssbdMwXiKF6SKlB9ZeCqJQWo/yxwOfng==&downloadAs=ares-galaxy-32-bits.exe&fallback_url=http://sourceforge.net/projects/aresgalaxy/files/aresgalaxy/AresRegular231_072615/.../download?nowrap

http://filehippo.com/es/download/file/.../

http://filehippo.com/pl/download/file/.../

http://p_descargar-mp3-es_ares.fopjutrirelad.com/crawled_soft/.../2/22461-679957-ares.exe

http://filehippo.com/it/download/file/.../

http://cdn.baixakicityfiles.com/c?x=WhFeLpFPiH/lpJmu9c1iFYru41EQqFF2HGdmEnhNxJM=&c=jcRa5UiI501zuZXwm2UIDHBVyaH6reTAusmC0CjWkLdIdI8IU9lQd4vpNCcHTmBBjv0KqbBHVSMPrtHsYt9GnyPbCYfUQelexR5UEhbf eFW2WRWHU7hLHnt855LXzSew7k 2X2UIRfPh3bE098Ogg==&downloadAs=ares-galaxy-32-bits.exe&fallback_url=http://sourceforge.net/projects/aresgalaxy/files/aresgalaxy/AresRegular231_072615/.../download?nowrap

http://cdn.baixakicityfiles.com/c?x=V2kDed2Bjxgmuiu2imYZI IYIh/uqB9kE3IgT6DTUvc=&c=BL0/3eUcQ0ZI5IcCa33xqodGjk4YnJWi0S4H5uGjZbefZySn5H/FbmgvjaYb65EFcPNv4HiGFzWfYa/sC1BKje1zIZzN8ql6GYPkcBXlv4lSODof78FCuq 1PkPqNPlMtcgHLTwhqtmJH/Qbn4W3SQ==&downloadAs=ares-galaxy-32-bits.exe&fallback_url=https://sourceforge.net/projects/aresgalaxy/files/aresgalaxy/AresRegular232_082715/.../download?nowrap

http://fs40.filehippo.com/7922/.../aresregular231_installer.exe

http://pfn.def2reta2reteac.com/crawled_soft/.../2/22461-679957-ares.exe

http://www.filehorse.com/download/file/.../

http://www.programosy.pl/.../pobierz,ares,2.html

http://pfn.dioareretoai.com/crawled_soft/.../2/22461-679957-ares.exe

http://cdn.baixakicityfiles.com/c?x=wnM7zsNUvhqqA1KMcSrV6MXJ3Eacg7KKiwRyiRb1NrM=&c=XTB4KN y2r8CnnQ7kIA16bjBuj5HTtiKZRmyGwNjhurQU1H3ATVp2ZWQzkf9Tt1OaFy593AcMK7f 6y0UdbkLdsW9estyumV3qblqUU39c8E/mRPISaUZf973ezSt9h1WiMVITt4cn/u xZ9hh K A==&downloadAs=ares-galaxy-32-bits.exe&fallback_url=http://sourceforge.net/projects/aresgalaxy/files/aresgalaxy/AresRegular231_072615/.../download?nowrap

http://5.135.31.22:400/aresregular231_installer.exe

http://www.bajenlo.com/descargas/.../aresregular231_installer.exe

http://filehippo.com/download/file/.../

http://download.instalki.org/programy/Windows/Internet/.../aresregular231_installer.exe

http://cdn.baixakicityfiles.com/c?x=EP35INt8//Qo3FO 7WmSFI1b3EN7pJLO4uW/UjX5sos=&c=W6D4ZY 2h5YgXR5LVYr9mNrgnWWoyjpsnXubLGgW0Z4glwRxXnauf6DzPPKQMTolzr85aIx2uaB2S9u54ETv kSnN8jUjiu3avGipQA iJCTKqYytFp0TOfrdYMhu tPwMYBHNYYtG/PrQM7842Kg==&downloadAs=ares-galaxy-32-bits.exe&fallback_url=http://sourceforge.net/projects/aresgalaxy/files/aresgalaxy/AresRegular231_072615/.../download?nowrap

http://p_descargar-mp3-es_ares.flosadireflis.com/crawled_soft/.../2/22461-679957-ares.exe

Latest 30 of 36 download URLs

Remove aresregular231_installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.