Installer.exe

myproject1

This is a self-extracting archive and installer.
Product:
myproject1

Version:
1.0.0.0

MD5:
2ff1db1bd01f583de07c508d02983b2a

SHA-1:
65937779b45aca69a174c6feb60117ac79010a0f

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/26/2024 6:59:49 AM UTC

Scan engine:
Trend Micro House Call

Detection:
TROJ_GEN.F47V0507

Engine version:
7.2.358

File size:
26 KB (26,624 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
Installer.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\installer.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
384:qI4vP96uuAzKJZ4lYEdaDyP6AnTcLuymbVjNhkaKrcaHLf45lQflP8UXmq:qRzKJuBbP6AnTvjh1KrJrlmq

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 14, 5C, 1B, 51, 00, 00, 00, 00, 02, 00, 00, 00, 7D, 00, 00, 00, 1C, 80, 00, 00, 1C, 58, 00, 00, 52, 53, 44, 53, 4F, C6, 74, 45, C6, 08, 17, 44, 9B, 9D, 73, 25, 2B, 61, 32, 85, 01, 00, 00, 00, 43, 3A, 5C, 55, 73, 65, 72, 73, 5C, 72, 61, 73, 74, 61, 6E, 32, 5C, 44, 6F, 63, 75, 6D, 65, 6E, 74, 73...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

The file Installer.exe has been discovered within the following program.

PDF Architect 2  by pdfforge
About 5% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to qg-in-f95.1e100.net  (74.125.29.95:443)

TCP (HTTP SSL):
Connects to qd-in-f95.1e100.net  (64.233.171.95:443)

TCP (HTTP):
Connects to ocsp.comodoca.com  (178.255.83.1:80)

TCP (HTTP):
Connects to crl.comodoca.com  (104.16.64.69:80)

TCP (HTTP):
Connects to c-0001.c-msedge.net  (191.234.4.50:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):
Connects to a23-13-165-163.deploy.static.akamaitechnologies.com  (23.13.165.163:80)

TCP (HTTP):
Connects to a173-223-204-186.deploy.static.akamaitechnologies.com  (173.223.204.186:80)
