» installer.exe
Overview
Analysis
File Details
Downloads (1)

installer.exe

The executable installer.exe has been detected as malware by 10 anti-virus scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from www.giftdownloadscycle.com.

File name:

installer.exe

MD5:

eaef6c3ae160d40dfd197d7fc45ccabf

SHA-1:

89137c9aec8b8bf96ac0af9824158e19b7da6422

SHA-256:

c6d35841e3b2e656fd5a12911a4ffc935f6d79b417a646681c8095b616a4b804

Scanner detections:

10 / 68

Status:

Malware

Analysis date:

5/3/2024 6:47:49 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:RmnDrp

160204-3

AVG

Win32/Ramnit.A

2015.0.4477

Dr.Web

Trojan.Swizzor.19587

9.0.1.05190

Emsisoft Anti-Malware

Win32.Ramnit

10.0.0.5366

ESET NOD32

Win32/Ramnit.A virus

7.0.302.0

Kaspersky

Virus.Win32.Nimnul

15.0.0.562

McAfee

Program.Artemis!F2C31D1FAE70

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.213.5484.0

Norman

Win32.Ramnit

03.02.2016 07:38:05

VIPRE Antivirus

Threat.4726519

46908

File size:

260 KB (266,240 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\installer.exe

File PE Metadata

Compilation timestamp:

2/2/2016 10:45:46 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.10

CTPH (ssdeep):

6144:/bwjDqMvnL9NFOeX09C7E3mIqGYjee86gUMxKcvajbAW7:/bwjGoLB7AC7E3mnGMPgFKCubA

Entry address:

0x33000

Entry point:

60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, 32, 6F, 01, 20, 2B, 85, 50, 72, 01, 20, 89, 85, 4C, 72, 01, 20, B0, 00, 86, 85, 9E, 74, 01, 20, 3C, 01, 0F, 85, DE, 02, 00, 00, 8B, 85, 4C, 72, 01, 20, 2B, 85, 58, 72, 01, 20, 8B, 00, 89, 85, EA, 73, 01, 20, 8B, 85, 4C, 72, 01, 20, 2B, 85, 5C, 72, 01, 20, 8B, 00, 89, 85, F2, 73, 01, 20, 83, BD, F2, 73, 01, 20, 00, 0F, 84, A9, 02, 00, 00, 83, BD, EA, 73, 01, 20, 00, 0F, 84, 9C, 02, 00, 00, 8D, 85, 8D, 74, 01, 20, 50, FF, 95, EA, 73, 01, 20, 83, F8, 00, 0F, 84, 86... 
[+]

Entropy:

7.5101

Packer / compiler:

ASPack v1.08.04

Code size:

176 KB (180,224 bytes)

The file installer.exe has been seen being distributed by the following URL.

http://www.giftdownloadscycle.com/.../installer.exe

Remove installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.