installer.exe

Veristaff.com Inc

The application installer.exe by Veristaff.com Inc has been detected as adware by 18 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from gogeneral.blob.core.windows.net.
Publisher:
Veristaff.com Inc  (signed and verified)

MD5:
9d87acb5183931b0c5167f83f7608250

SHA-1:
3ae796e424e07ba7486f2205cb6549bb713e3cc0

SHA-256:
ad705ddc8829ad206677a5fe01c95aa36045c96d0bd6a12eb64b480283b40381

Scanner detections:
18 / 68

Status:
Adware

Analysis date:
4/25/2024 2:02:32 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Adware.Heur.@xX@gHJcMZdO | 794 |
| Avira AntiVirus | Adware/Agent.10591776 | 7.11.188.28 |
| AVG | Veristaff | 2015.0.3282 |
| Baidu Antivirus | Trojan.Win32.MsiDrop | 4.0.3.14123 |
| Bitdefender | Gen:Adware.Heur.@xX@gHJcMZdO | 1.0.20.1685 |
| Emsisoft Anti-Malware | Gen:Adware.Heur.@xX@gHJcMZdO | 8.14.12.03.01 |
| ESET NOD32 | Win32/TrojanDropper.MsiDrop (variant) | 8.10765 |
| Fortinet FortiGate | W32/MsiDrop.B!tr | 12/3/2014 |
| F-Secure | Gen:Adware.Heur.@xX@gHJcMZdO | 11.2014-03-12_4 |
| G Data | Gen:Adware.Heur.@xX@gHJcMZdO | 14.12.24 |
| IKARUS anti.virus | Trojan-Dropper.Win32.Msidrop | t3scan.1.8.3.0 |
| McAfee | Artemis!9D87ACB51839 | 5600.6938 |
| MicroWorld eScan | Gen:Adware.Heur.@xX@gHJcMZdO | 15.0.0.1011 |
| Qihoo 360 Security | HEUR/QVM41.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Veristaff.J | 14.11.22.17 |
| Sophos | Veristaff | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V1122 | 7.2.326 |
| VIPRE Antivirus | Trojan.Win32.Generic | 35026 |

File size:
10 MB (10,463,528 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\installer.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
7/8/2014 9:00:00 PM

Valid to:
7/14/2015 9:00:00 AM

Subject:
CN=Veristaff.com Inc, O=Veristaff.com Inc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0B0EA10F13BB9EB2057BECB9A30F59D4

File PE Metadata
Compilation timestamp:
11/19/2014 12:08:27 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:11aurAPscazGCuJqB8F3rLjHhEMK2oAK5MpFnPRH0pgqdzYI0Oo:NQ0B8JvjHjdFPRH0F6Wo

Entry address:
0xB189

Entry point:
E8, F8, 6B, 00, 00, E9, 95, FE, FF, FF, FF, 35, 90, 31, 42, 4F, FF, 15, 84, A0, 41, 4F, 85, C0, 74, 02, FF, D0, 6A, 19, E8, 6D, 3E, 00, 00, 6A, 01, 6A, 00, E8, 63, 2E, 00, 00, 83, C4, 0C, E9, 28, 2E, 00, 00, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B...
 

Code size:
99 KB (101,376 bytes)

The file installer.exe has been seen being distributed by the following URL.
