installer.exe

Veristaff.com Inc

The application installer.exe by Veristaff.com Inc has been detected as adware by 15 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from gogeneral.blob.core.windows.net.
Publisher:
Veristaff.com Inc  (signed and verified)

MD5:
0f3c275ec43e188eb4982277a1a0adcc

SHA-1:
19a35cd8b131bd02a31e0a705f52a535bfdc9ef1

SHA-256:
b4b7bd79841277ddde934322f3abaa95cfa109edaea92b0ade0da111cd56b19e

Scanner detections:
15 / 68

Status:
Adware

Analysis date:
4/19/2024 10:53:20 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Graftor.149279 | 866 |
| Agnitum Outpost | Trojan.Injector | 7.1.1 |
| AVG | Veristaff | 2015.0.3344 |
| Bitdefender | Gen:Variant.Graftor.149279 | 1.0.20.1320 |
| Emsisoft Anti-Malware | Gen:Variant.Graftor.149279 | 8.14.09.21.03 |
| ESET NOD32 | Win32/Injector.BIZV (variant) | 8.10277 |
| F-Secure | Gen:Variant.Graftor.149279 | 11.2014-21-09_1 |
| G Data | Gen:Variant.Graftor.149279 | 14.9.24 |
| IKARUS anti.virus | Trojan-Spy.Zbot | t3scan.1.6.1.0 |
| McAfee | Artemis!148927801825 | 5600.7000 |
| MicroWorld eScan | Gen:Variant.Graftor.149279 | 15.0.0.792 |
| Panda Antivirus | Trj/Chgt.B | 14.09.21.03 |
| Reason Heuristics | PUP.Veristaff.J | 14.7.27.13 |
| Sophos | Veristaff | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 32342 |

File size:
9.9 MB (10,394,920 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\installer.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
7/9/2014 2:00:00 AM

Valid to:
7/14/2015 2:00:00 PM

Subject:
CN=Veristaff.com Inc, O=Veristaff.com Inc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0B0EA10F13BB9EB2057BECB9A30F59D4

File PE Metadata
Compilation timestamp:
7/21/2014 1:16:36 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:LCMcSj9tu+L7KzLdQ4N2Uj55uD1dejhYeT3dwaq4uTjHiuBnrxqmyuMzE4k:Hh99XUN5EdetDTNVHAjHPnyuEEv

Entry address:
0x7838

Entry point:
E8, 12, 28, 00, 00, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, C0, E1, 40, 4F, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 68, E0, 40, 4F, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 48, 3D, 41, 4F, 89, 0D, 44, 3D, 41, 4F, 89, 15, 40, 3D, 41, 4F, 89, 1D, 3C, 3D, 41, 4F, 89, 35, 38, 3D, 41, 4F, 89, 3D...

Code size:
48.5 KB (49,664 bytes)

The file installer.exe has been seen being distributed by the following URL.
