install.exe

The application install.exe has been detected as a potentially unwanted program by 26 anti-malware scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. According to the detections, this has been classified as a keylogger, which is capable of recording a user's keystrokes.
MD5:
67ba961cdf6d274304cd20d76f7e5bd1

SHA-1:
ae55561f0b4a9446fb506441ab739d229536460d

SHA-256:
5a03ec5b02d13f8285af499a19db2dd030bc73d49a57bece3e88ec525f8866c4

Scanner detections:
26 / 68

Status:
Potentially unwanted

Analysis date:
5/8/2024 7:12:11 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.FAkeAlert.105 | 928 |
| Agnitum Outpost | Riskware.Ardamax | 7.1.1 |
| AhnLab V3 Security | Backdoor/Win32.Gbot | 2014.07.22 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen7 | 7.11.163.82 |
| avast! | Win32:PUP-gen [PUP] | 140617-1 |
| AVG | Potentially harmful program Ardamax.BZV | 2014.0.3986 |
| Bitdefender | Gen:Variant.FAkeAlert.105 | 1.0.20.1015 |
| Comodo Security | TrojWare.Win32.Ardamax.NBQ | 18932 |
| Dr.Web | Trojan.KeyLogger.22339 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.FAkeAlert.105 | 8.14.07.22.02 |
| ESET NOD32 | Win32/KeyLogger.Ardamax.NBQ application | 7.0.302.0 |
| F-Prot | W32/Gbot.A.gen | 4.6.5.141 |
| F-Secure | Gen:Variant.FAkeAlert.105 | 11.2014-22-07_3 |
| G Data | Gen:Variant.FAkeAlert.105 | 14.7.24 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.6.1.0 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3524 |
| Malwarebytes | KeyLogger.Ardamax | v2014.07.22.02 |
| McAfee | Keylog-FAQ | 5600.7062 |
| Microsoft Security Essentials | Threat.Undefined | 1.179.723.0 |
| MicroWorld eScan | Gen:Variant.FAkeAlert.105 | 15.0.0.609 |
| NANO AntiVirus | Trojan.Win32.KeyLogger.ccgijz | 0.28.2.60990 |
| Panda Antivirus | Trj/Genetic.gen | 14.07.22.02 |
| Qihoo 360 Security | Malware.QVM10.Gen | 1.0.0.1015 |
| Sophos | Mal/Ardamax-A | 4.98 |
| Total Defense | Win32/Tnega.ZRacYEC | 37.0.11073 |
| VIPRE Antivirus | Threat.4791128 | 31208 |

File size:
2 MB (2,099,200 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
1/12/2014 9:04:25 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:zU41DTcTpbn8FLxL6//arqedDIEY8l8Osw:zU4tTIJn8RxG//ahdD0Jlw

Entry address:
0x56F0

Entry point:
E8, A7, 27, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 04, 8B, 4C, 24, 08, F7, C2, 03, 00, 00, 00, 75, 3C, 8B, 02, 3A, 01, 75, 2E, 0A, C0, 74, 26, 3A, 61, 01, 75, 25, 0A, E4, 74, 1D, C1, E8, 10, 3A, 41, 02, 75, 19, 0A, C0, 74, 11, 3A, 61, 03, 75, 10, 83, C1, 04, 83, C2, 04, 0A, E4, 75, D2, 8B, FF, 33, C0, C3, 90, 1B, C0, D1, E0, 83, C0, 01, C3, F7, C2, 01, 00, 00, 00, 74, 18, 8A, 02, 83, C2, 01, 3A, 01, 75, E7, 83, C1, 01, 0A, C0, 74, DC, F7, C2, 02, 00, 00, 00, 74, A4, 66, 8B, 02, 83...
 

Code size:
39.5 KB (40,448 bytes)
