file-repair-setup.exe

File Repair

The executable file-repair-setup.exe, “File Repair Setup”, has been detected as malware by 11 anti-virus scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receive URLs of additional files to download. The file has been seen being downloaded from file-repair.en.softonic.com.
Publisher:
File Repair

Product:
File Repair

Description:
File Repair Setup

Version:
2.1

MD5:
f62c9bd5fcb7edbf40291d819d5a6483

SHA-1:
d14059011bd7fe4de9dbeaae9bd2852c038b0dc2

SHA-256:
5a593beb9face05e8fe25ab6ac9e41a5c52842a71904f3c59d48b236e0690098

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/18/2024 6:41:11 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:SaliCode | 160414-2 |
| AVG | Win32/Sality | 2015.0.4568 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 11.5.0.6191 |
| ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| F-Secure | Win32.Sality.3 | 5.15.96 |
| McAfee | Virus.W32/Sality.gen.z | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.221.14.0 |
| Norman | Win32.Sality.3 | 15.04.2016 04:58:04 |
| VIPRE Antivirus | Threat.4721115 | 49072 |

File size:
1 MB (1,094,576 bytes)

Product version:
2.1

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\file-repair-setup.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:GnvZ2kzpKG3nbHgYBEW4k31wRK2TbwwKfGfR/ZEPqZTGUP7I:Gv4kzn3bAiEWzFwKQbJQG7vZ77I

Entry address:
0x9C40

Entry point:
B5, 0C, 3B, C6, BE, A1, 90, 64, 46, 50, 57, 89, C0, 20, DC, 12, F7, 72, 01, F3, 86, E9, F3, 81, F3, 70, 59, 00, 00, 33, E8, 86, D6, 86, F0, 2B, DF, BD, C7, 2E, A1, C4, B2, 9C, 0A, C0, B0, 5E, 87, EE, 88, E3, 32, F5, E8, 65, 00, 00, 00, FF, CE, C6, C7, 6B, 8B, C2, 3D, 7F, 90, 00, 00, 73, 03, C6, C7, 57, 8D, 15, 75, 02, 00, 00, 80, C5, 75, 88, DB, 0F, B6, CD, 81, F2, BA, 00, 00, 00, 85, FE, F2, C6, C1, 47, 81, CD, 51, 79, A8, EF, 0F, AF, CB, 81, EA, 45, F5, FF, FF, F7, C6, 6D, 5F, 60, A1, 81, EA, BC, 0A, 00...

Code size:
37 KB (37,888 bytes)

The file file-repair-setup.exe has been seen being distributed by the following URL.
