bi8mhrnyet7z.exe

Amigo Installer

LLC Mail.Ru

The executable bi8mhrnyet7z.exe has been detected as malware by 1 anti-virus scanner. This is a setup and installation application and has been known to bundle potentially unwanted software. This file is typically installed with the program DevID Agent by DevID. The file has been seen being downloaded from amigobin.cdnmail.ru.
Publisher:
Mail.Ru  (signed by LLC Mail.Ru)

Product:
Amigo Installer

Version:
44.2.2403.1

MD5:
748156b951592a48db85cfa24454f7fa

SHA-1:
7f96e6c769165fd79a82f4fd25c6f34bf66166cd

SHA-256:
2582f74f336fc373e0bae611a391d72e1a14d1a3c6ff38501205da03fcbecabf

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
6/25/2025 2:58:36 PM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic.MailRu.Installer.Meta

Engine version:
15.11.26.16

File size:
46.6 MB (48,866,536 bytes)

Product version:
44.2.2403.1

Copyright:
Copyright 2015 The Chromium Authors. All rights reserved.

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\bi8mhrnyet7z.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
8/6/2015 3:00:00 AM

Valid to:
10/5/2017 2:59:59 AM

Subject:
CN=LLC Mail.Ru, O=LLC Mail.Ru, L=moscow, S=Moscow, C=RU

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
10F4D809B7AA340870993C0042347814

File PE Metadata
Compilation timestamp:
11/10/2015 5:43:59 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:PTT59Y5emqHX6Cc1Aw0xS+kFon7Ff4txXwKrNhzaeMqWJu/8/v5ncTYwr+9ZXlxn:ZKetX6Gwv6FxKrNheeMq6rnc8xbjNE1A

Entry address:
0x5AFE

Entry point:
6A, 00, FF, 15, AC, 30, 41, 00, 50, E8, 0D, 09, 00, 00, 59, 50, FF, 15, 98, 30, 41, 00, CC, 55, 8B, EC, 81, EC, 14, 02, 00, 00, 53, 56, 8B, 75, 14, 85, F6, 0F, 84, BE, 00, 00, 00, FF, 75, 08, 8D, 4D, F8, FF, 75, 0C, FF, 75, 10, E8, B6, 0F, 00, 00, 8D, 4D, F8, E8, D3, 0F, 00, 00, 84, C0, 0F, 84, 9D, 00, 00, 00, 8D, 4D, F8, E8, CB, 0F, 00, 00, 83, F8, 01, 0F, 82, 8C, 00, 00, 00, 8D, 4D, F8, E8, BA, 0F, 00, 00, 3B, 05, 2C, 16, 40, 00, 77, 7C, FF, 36, 33, C0, BB, 04, 01, 00, 00, 66, 89, 45, F4, 66, 89, 85, EC...
 

Packer / compiler:
FASM v1.3x

Code size:
58.5 KB (59,904 bytes)

The file bi8mhrnyet7z.exe has been discovered within the following program.

DevID Agent by DevID
About 6% of users remove it
 

The file bi8mhrnyet7z.exe has been seen being distributed by the following URL.
