asf_avi_rm_wmv_repair.exe

Repair Video Master

Repair Video, Inc.

The executable asf_avi_rm_wmv_repair.exe, "Repair Video Master Setup", has been detected as malware by 8 anti-virus scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point obscuring polymorphic file infector which creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.repairvideo.com.

Publisher:
Repair Video, Inc.

Product:
Repair Video Master

Description:
Repair Video Master Setup

MD5:
5bbd903b8cc082d456faeed348cb08eb

SHA-1:
a1cca1d802c7a2fd3f7b3ef3f5c6c01486831fbf

SHA-256:
ee78c6fa551a45ec4e45428e55c68d2999fa5fe4dbb6a80cb0f8dc3c9326700c

Scanner detections:
8 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/19/2024 4:24:18 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:SaliCode | 160503-1 |
| AVG | Win32/Sality | 2015.0.4604 |
| Emsisoft Anti-Malware | Win32.Sality | 11.5.0.6191 |
| ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0 |
| F-Prot | W32/Sality.E.gen | 4.6.5.141 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| Norman | Win32.Sality.3 | 28.05.2016 13:03:37 |
| VIPRE Antivirus | Threat.4721115 | 50536 |

File size:
1.5 MB (1,527,284 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\asf_avi_rm_wmv_repair.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:320+1SZ6XJR8TqhfHGUNxiGL+wuIzlzA9rVyiYfVwFfHwFVb83tGcesa:32r8ORx+MJzOVyiYuHw/Ets

Entry address:
0x9B24

Entry point:
85, DE, 76, 02, 88, D2, 03, E9, 80, C4, FC, F3, 85, F3, 30, EA, 0F, BE, FD, 84, E9, 69, F6, CF, 68, 5F, 82, FE, C2, 84, CD, F2, F3, 42, 1C, 97, 8A, D9, 89, D5, C6, C4, 5D, 8D, 75, 00, 8A, E2, 0A, E5, 81, FE, 61, DB, 00, 00, 73, 06, 8D, 05, 29, C5, 53, BA, 8B, FE, 77, 07, 80, D7, 60, 89, D0, 8A, D4, 76, 01, F3, 2B, CF, 8B, E9, 8D, 2D, 35, F4, 10, E6, 0A, C1, 8A, D6, 88, E4, C6, C6, CA, 70, 07, 8A, E3, C6, C0, FA, 88, FE, 68, C1, 39, 22, 00, 68, B1, B1, C9, 00, 8A, E7, E8, 00, 00, 00, 00, 0F, BF, CD, 8D, 0D...
 

Code size:
37 KB (37,888 bytes)

The file asf_avi_rm_wmv_repair.exe has been seen being distributed by the following URL.
