attinternetinstaller.exe

AT&T

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from pattcwprt.att.motive.com.
Scan attinternetinstaller.exe - Powered by Reason Core Security
Publisher:
AT&T  (signed and verified)

MD5:
5e34b1bc85e6978a660a40e982e9c88b

SHA-1:
c39a8b2c81337af9273aacf3489147f9a1fb2799

SHA-256:
d4ba9fe76ae3e6eff23c2a7bc97c2c07485857b742b4a3761535a5b758d1efd8

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/2/2016 11:30:09 PM UTC  (today)

File size:
4.5 MB (4,751,384 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\attinternetinstaller.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/25/2008 7:00:00 PM

Valid to:
9/27/2011 6:59:59 PM

Subject:
CN=AT&T, OU=AT&T Mass Market Care Application, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=AT&T, L=Austin, S=Texas, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
565A077CDF35BD92F2336FEB8E551B13

File PE Metadata
Compilation timestamp:
3/29/2008 5:14:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:7uvzHMKnb7pUmYaXDK0Y8UTV9h0NM7W3sCTit:7uvTLnp/YQ+0uANEWXTit

Entry address:
0x30E3

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 58, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, E1, 2A, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 90, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 4C, 91, 40, 00, 68, 60, E3, 42, 00, E8, 98, 27, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 86, 27, 00, 00...
 
[+]

Entropy:
7.9994

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file attinternetinstaller.exe has been discovered within the following program.

Walgreens PictureMover  by Hewlett-Packard
Publisher's description - “PictureMover is software that you install on your computer. It helps you get your photos off of your camera and other media devices, like memory cards, to both your computer and your Snapfish account.”
www.hp.com
51% remove it
 
Powered by Should I Remove It?

The file attinternetinstaller.exe has been seen being distributed by the following URL.

Scan attinternetinstaller.exe - Powered by Reason Core Security