home

installer.exe

15R8T

15R8TC@PQ

The application installer.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. While running, it connects to the Internet address dwl0.wizzlabs.com on port 80 using the HTTP protocol.
Publisher:
15R8TC@PQ

Product:
15R8T

Description:
15R8TC@

Version:
8.5.5.3

MD5:
f11717083660ba589162d258c5fb837c

SHA-1:
2770966abe24c3c66f0b4e03c727ac359e91aede

SHA-256:
9c8f5a677b9a622aa7513c271208a1045e0731bf2305926fa308ceb2d1c6f9be

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/30/2024 4:04:26 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Eorezo (M)
17.1.31.19

File size:
2.1 MB (2,170,880 bytes)

Product version:
8.5.5.3

Copyright:
Copyright © 2121

Original file name:
FrameCentreUrbain.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\installer.exe

File PE Metadata
Compilation timestamp:
1/31/2017 7:07:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
48.0

.NET CLR dependent:
Yes

Entry address:
0x211596

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.1 MB (2,160,128 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to mess1.wizzlabs.com  (176.31.252.74:80)

TCP (HTTP):
Connects to server-54-192-25-87.mxp4.r.cloudfront.net  (54.192.25.87:80)

TCP (HTTP):
Connects to mess5.wizzlabs.com  (176.31.106.195:80)

TCP (HTTP SSL):
Connects to itmi01.proinity.net  (95.141.32.8:443)

TCP (HTTP):
Connects to dwl0.wizzlabs.com  (94.23.252.37:80)

TCP (HTTP):
Connects to mess4.wizzlabs.com  (94.23.44.92:80)

TCP (HTTP):
Connects to dwl2.wizzlabs.com  (94.23.199.17:80)

TCP (HTTP):
Connects to i0-h0-s3.p0-gig.cdngp.net  (174.35.87.68:80)

TCP (HTTP SSL):
Connects to usny01.proinity.net  (107.182.231.101:443)

TCP (HTTP):
Connects to mess6.wizzlabs.com  (188.165.209.131:80)

TCP (HTTP):
Connects to mess0.wizzlabs.com  (176.31.115.114:80)

TCP (HTTP):
Connects to 94.31.29.64.IPYX-077437-ZYO.above.net  (94.31.29.64:80)

Remove installer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.