codec-pack_installer.exe

Figidusa

The executable codec-pack_installer.exe, “Figidusa Setup”, has been detected as malware by 8 anti-virus scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point obscuring polymorphic file infector, which creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.capitalcenterdl.com.
Product:
Figidusa

Description:
Figidusa Setup

Version:
4.0.2.1

MD5:
73d40ea4e26e223afa705b1c2ea1577c

SHA-1:
4a234bb12cd702427ca348e22a0b524128728f3f

SHA-256:
b1e510af8cbbbf38e7a3c11c77946621ff8a2ab935e33880389352965c0f1fd2

Scanner detections:
8 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
5/12/2025 5:10:19 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Sality | 160503-1 |
| AVG | Win32/Sality | 2015.0.4604 |
| Emsisoft Anti-Malware | Win32.Sality | 11.5.0.6191 |
| ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| Microsoft Security Essentials | Threat.Undefined | 1.225.2453.0 |
| Norman | Win32.Sality.3 | 28.05.2016 15:32:18 |
| VIPRE Antivirus | Threat.4721115 | 50880 |

File size:
1 MB (1,048,720 bytes)

Product version:
2.7

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\codec-pack_installer.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:6dEzk879NU9ZgkD2zeEkxBVJOOZg7Wr+Fk6xcJ4oBWY:4YD9yZgA2zeEkx9VZg7q+FnxJ

Entry address:
0xA5F8

Entry point:
84, E0, 02, F4, 68, 17, 53, 33, 00, 69, E9, 50, 14, F7, DF, 89, F5, 0F, B7, F2, 8D, 1D, 60, C9, 9D, EF, FF, C6, C6, C2, 4F, 0F, AF, F3, 69, F9, 64, A8, 05, 48, 8D, 1D, E3, F8, 9D, 6F, 81, F9, D6, A1, 5A, 64, 8D, 3D, C6, 55, 3A, 83, E8, 15, 00, 00, 00, 0F, AF, C9, 0A, D8, F7, C1, 95, A2, BE, A0, F7, C6, 13, 56, A2, 1F, B0, F2, 3B, D3, F6, C3, AB, 48, F3, 69, FE, 86, 05, BB, 18, 70, 04, 86, E1, 32, E8, 81, FB, 7C, 64, 00, 00, 83, E3, 00, 43, 21, F6, F2, 8D, 0D, 64, 52, 1F, 83, 81, F7, 1C, BC, A4, 26, 0F, AF...
 

Entropy:
7.9413  (probably packed)

Code size:
39.5 KB (40,448 bytes)

The file codec-pack_installer.exe has been seen being distributed by the following URL.
