» installer.exe
Overview
Analysis
File Details
Downloads (1)

installer.exe

ReSoft LTD.

The application installer.exe by ReSoft has been detected as adware by 14 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from gogeneral.blob.core.windows.net.

File name:

installer.exe

Publisher:

ReSoft LTD. (signed and verified)

MD5:

796db39416a6cfa7ad3e5c910374c019

SHA-1:

38efe7e167208f9636f3961cee004509dab9215e

SHA-256:

492db01c0318dae49e7ef47b40d29afa27934020a5c92f4f5f37bd93289f043e

Scanner detections:

14 / 68

Status:

Adware

Analysis date:

4/19/2024 4:59:18 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Adware.Heur.@xX@gHJcMZdO

794

Avira AntiVirus

Adware/Agent.10591776

7.11.188.28

Baidu Antivirus

Trojan.Win32.MsiDrop

4.0.3.14123

Bitdefender

Gen:Adware.Heur.@xX@gHJcMZdO

1.0.20.1685

Emsisoft Anti-Malware

Gen:Adware.Heur.@xX@gHJcMZdO

8.14.12.03.01

ESET NOD32

Win32/TrojanDropper.MsiDrop (variant)

8.10763

Fortinet FortiGate

W32/MsiDrop.B!tr

12/3/2014

F-Secure

Gen:Adware.Heur.@xX@gHJcMZdO

11.2014-03-12_4

G Data

Gen:Adware.Heur.@xX@gHJcMZdO

14.12.24

McAfee

Artemis!BCD181639098

5600.6928

MicroWorld eScan

Gen:Adware.Heur.@xX@gHJcMZdO

15.0.0.1011

Reason Heuristics

PUP.ReSoft.J

14.11.1.13

Trend Micro House Call

Suspicious_GEN.F47V1120

7.2.337

VIPRE Antivirus

Trojan.Win32.Generic

35012

File size:

10.1 MB (10,566,176 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\installer.exe

Digital Signature

Signed by:

ReSoft LTD.

Authority:

COMODO CA Limited

Valid from:

7/31/2013 7:00:00 PM

Valid to:

8/1/2015 6:59:59 PM

Subject:

CN=ReSoft LTD., O=ReSoft LTD., STREET=4th Hanevi'im, L=Tel Aviv, S=Israel, PostalCode=64356, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

51FA31336CEC649121E9A908289950D2

File PE Metadata

Compilation timestamp:

10/28/2014 11:50:23 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

196608:FiNTmmpf/vUTlTe9L+onZB4slwTHT2dmxJjzcKdS2d86v/3+Z4tDEy:FcTmmpn81oZB4cCzHzc2X/3jtj

Entry address:

0xB189

Entry point:

E8, F8, 6B, 00, 00, E9, 95, FE, FF, FF, FF, 35, 90, 31, 42, 4F, FF, 15, 84, A0, 41, 4F, 85, C0, 74, 02, FF, D0, 6A, 19, E8, 6D, 3E, 00, 00, 6A, 01, 6A, 00, E8, 63, 2E, 00, 00, 83, C4, 0C, E9, 28, 2E, 00, 00, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B... 
[+]

Entropy:

7.9987 (probably packed)

Code size:

99 KB (101,376 bytes)

The file installer.exe has been seen being distributed by the following URL.

http://gogeneral.blob.core.windows.net/.../Installer.exe

Remove installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.