» installer.exe
Overview
Analysis
File Details
Downloads (1)

installer.exe

PINWID LTD

The application installer.exe by PINWID has been detected as adware by 9 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from gogeneral.blob.core.windows.net.

File name:

installer.exe

Publisher:

PINWID LTD (signed and verified)

MD5:

dc0c824d84a2745a5279db3088b9bc93

SHA-1:

21e0f6cbd78fb41ebcde795bb4feb301cd0efa0b

SHA-256:

2f5a411f4fbf12a0afc5c3fe55c8129badfd285449ea91e8967d067c1f1945ab

Scanner detections:

9 / 68

Status:

Adware

Analysis date:

4/26/2024 8:52:39 PM UTC (today)

Scan engine

Detection

Engine version

AegisLab AV Signature

Troj.W32.Inject

2.1.4+

avast!

Win32:Malware-gen

2014.9-141102

AVG

Trojan horse Dropper.Agent

2015.0.3303

Baidu Antivirus

Trojan.Win32.MsiDrop

4.0.3.14112

ESET NOD32

Win32/TrojanDropper.MsiDrop (variant)

8.10647

IKARUS anti.virus

AdWare.Smartbar

t3scan.1.8.3.0

Reason Heuristics

PUP.PINWID.J

14.8.28.9

Zillya! Antivirus

Dropper.MsiDrop.Win32.1

2.0.0.1973

File size:

10 MB (10,505,240 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\installer.exe

Digital Signature

Signed by:

PINWID LTD

Authority:

COMODO CA Limited

Valid from:

8/12/2014 9:00:00 PM

Valid to:

8/13/2015 8:59:59 PM

Subject:

CN=PINWID LTD, OU=514841295, O=PINWID LTD, STREET=14 Shenkar Arie, L=HERZLIYA, S=TLV, PostalCode=4672514, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

009956EF23AED48987569DC3E7434BBB19

File PE Metadata

Compilation timestamp:

8/27/2014 12:32:48 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

196608:H4qPuaTjLd0yqP9VZTMTFuzhTJM6QTymJqSsYRD3ZxDBvFj4Lzw:H4Mu8LpqP9VZTMTF2hTJMb5qXYRDj9vR

Entry address:

0xB01F

Entry point:

E8, 92, 5E, 00, 00, E9, 95, FE, FF, FF, FF, 35, 80, 21, 42, 4F, FF, 15, 88, 90, 41, 4F, 85, C0, 74, 02, FF, D0, 6A, 19, E8, 77, 3E, 00, 00, 6A, 01, 6A, 00, E8, 70, 2E, 00, 00, 83, C4, 0C, E9, 35, 2E, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83... 
[+]

Code size:

95 KB (97,280 bytes)

The file installer.exe has been seen being distributed by the following URL.

http://gogeneral.blob.core.windows.net/.../Installer.exe

Remove installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.