home

installer.exe

ReSoft LTD.

The application installer.exe by ReSoft has been detected as adware by 17 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from gogeneral.blob.core.windows.net.
Publisher:
ReSoft LTD.  (signed and verified)

MD5:
5e799e2d8b7448fce9cd354778aae2e7

SHA-1:
650f729fbaa4966a7d5a4e3a5740300f44ce7d23

SHA-256:
fce8d4e5a9ebf25017d39a4c08ea3aa13ba9121441123b41ac3fe602771015d8

Scanner detections:
17 / 68

Status:
Adware

Analysis date:
4/25/2024 4:04:02 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Graftor.149279
866

Agnitum Outpost
Trojan.Injector
7.1.1

avast!
Win32:Adware-gen [Adw]
2014.9-140726

AVG
Veristaff
2015.0.3344

Bitdefender
Gen:Variant.Graftor.149279
1.0.20.1320

Dr.Web
Adware.Linkury.3
9.0.1.0207

Emsisoft Anti-Malware
Gen:Variant.Graftor.149279
8.14.09.21.03

ESET NOD32
Win32/Injector.BIZV (variant)
8.10277

F-Secure
Gen:Variant.Graftor.149279
11.2014-21-09_1

G Data
Gen:Variant.Graftor.149279
14.9.24

IKARUS anti.virus
PUA.Linkury
t3scan.1.6.1.0

McAfee
Artemis!148927801825
5600.7000

MicroWorld eScan
Gen:Variant.Graftor.149279
15.0.0.792

Panda Antivirus
Trj/Chgt.B
14.09.21.03

Reason Heuristics
PUP.ReSoft.J
14.8.8.1

Sophos
Veristaff
4.98

VIPRE Antivirus
Trojan.Win32.Generic
32342

File size:
10.1 MB (10,576,416 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\installer.exe

Digital Signature
Signed by:
ReSoft LTD.

Authority:
COMODO CA Limited

Valid from:
7/31/2013 8:00:00 PM

Valid to:
8/1/2015 7:59:59 PM

Subject:
CN=ReSoft LTD., O=ReSoft LTD., STREET=4th Hanevi'im, L=Tel Aviv, S=Israel, PostalCode=64356, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
51FA31336CEC649121E9A908289950D2

File PE Metadata
Compilation timestamp:
7/21/2014 7:57:21 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:oJGjlz0deqYH2xq2tPsZ/mgO1Kq9hd0qT7B8bGspQWOdmX89vWYQsC:oIRAdD1P6/VsB50YubGsmWuY

Entry address:
0x7838

Entry point:
E8, 12, 28, 00, 00, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, C0, E1, 40, 4F, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 68, E0, 40, 4F, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 48, 3D, 41, 4F, 89, 0D, 44, 3D, 41, 4F, 89, 15, 40, 3D, 41, 4F, 89, 1D, 3C, 3D, 41, 4F, 89, 35, 38, 3D, 41, 4F, 89, 3D...
 
[+]

Entropy:
7.9994  (probably packed)

Code size:
48.5 KB (49,664 bytes)

The file installer.exe has been seen being distributed by the following URL.

http://gogeneral.blob.core.windows.net/.../Installer.exe

Remove installer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.