home

installer.exe

Veristaff.com Inc

The application installer.exe by Veristaff.com Inc has been detected as adware by 16 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from s.allfree-soft.net.
Publisher:
Veristaff.com Inc  (signed and verified)

MD5:
dc01d4eb81064a65d93b5075c6f06569

SHA-1:
e9882666e4bb7377dd08ec3bab10e8da9f4a86a8

SHA-256:
baa15fdfbbf65a278bd0d12d4ca7b6dbb9d3b86c52e42a147e456a38a88dd2e7

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
5/8/2024 6:15:27 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Graftor.149279
866

Agnitum Outpost
Trojan.Injector
7.1.1

AVG
Veristaff
2015.0.3344

Bitdefender
Gen:Variant.Graftor.149279
1.0.20.1320

Dr.Web
Adware.Linkury.3
9.0.1.0208

Emsisoft Anti-Malware
Gen:Variant.Graftor.149279
8.14.09.21.03

ESET NOD32
Win32/Injector.BIZV (variant)
8.10277

F-Secure
Gen:Variant.Graftor.149279
11.2014-21-09_1

G Data
Gen:Variant.Graftor.149279
14.9.24

IKARUS anti.virus
Trojan-Spy.Zbot
t3scan.1.6.1.0

McAfee
Artemis!148927801825
5600.7000

MicroWorld eScan
Gen:Variant.Graftor.149279
15.0.0.792

Panda Antivirus
Trj/Chgt.B
14.09.21.03

Reason Heuristics
PUP.Veristaff.J
14.7.27.13

Sophos
Veristaff
4.98

VIPRE Antivirus
Trojan.Win32.Generic
32342

File size:
10 MB (10,482,472 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\installer.exe

Digital Signature
Signed by:
Veristaff.com Inc

Authority:
DigiCert Inc

Valid from:
7/8/2014 5:00:00 PM

Valid to:
7/14/2015 5:00:00 AM

Subject:
CN=Veristaff.com Inc, O=Veristaff.com Inc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0B0EA10F13BB9EB2057BECB9A30F59D4

File PE Metadata
Compilation timestamp:
7/21/2014 4:36:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:mICAjcPkpfBpTsatfflWSzzU4f5VZunvaPLuFF9FKGcmMfbL6OJcgHAHah:cGWmBKajWSfU4f5VZO6Lo9FKF/L6Ecg5

Entry address:
0x77E8

Entry point:
E8, 12, 28, 00, 00, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, C0, E1, 40, 4F, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 68, E0, 40, 4F, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 48, 3D, 41, 4F, 89, 0D, 44, 3D, 41, 4F, 89, 15, 40, 3D, 41, 4F, 89, 1D, 3C, 3D, 41, 4F, 89, 35, 38, 3D, 41, 4F, 89, 3D...
 
[+]

Entropy:
7.9994  (probably packed)

Code size:
48.5 KB (49,664 bytes)

The file installer.exe has been seen being distributed by the following URL.

http://s.allfree-soft.net/inst/software/6074B303-9375-48A8-8578-417957143639/.../Installer.exe

Remove installer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.