installer.exe

TODO:

TODO: <Company name>

The application installer.exe, “InstallerManager”, has been detected as a potentially unwanted program by 20 anti-malware scanners. The file has been seen being downloaded from as23gg.com and multiple other hosts.

Publisher:
TODO:

Product:
TODO: <Product name>

Description:
InstallerManager

Version:
1.0.0.1

MD5:
b3d7ecfc23e5b7db2986f5ef5028f275

SHA-1:
f72bc4055e599faf4bfde7161a07df6da4628136

SHA-256:
fe7c1a14fe4e82bf8700bbe456d993ba8121a4ba9566e1b9a4d19671353c86fe

Scanner detections:
20 / 68

Status:
Potentially unwanted

Analysis date:
5/16/2024 6:10:59 PM UTC

Scan engine             Detection                               Engine version

Lavasoft Ad-Aware       Gen:Variant.Zusy.117657                 782
Agnitum Outpost         PUA.InstallMetrix                       7.1.1
Avira AntiVirus         TR/Zusy.2057728.2                       7.11.214.140
avast!                  Win32:Malware-gen                       2014.9-141214
AVG                     Generic6                                2015.0.3260
Baidu Antivirus         Adware.Win32.InstallMetrix              4.0.3.141214
Bitdefender             Gen:Variant.Zusy.117657                 1.0.20.1740
Comodo Security         ApplicUnwnt                             20360
Emsisoft Anti-Malware   Gen:Variant.Zusy.117657                 8.14.12.14.11
ESET NOD32              Win32/AdWare.InstallMetrix (variant)    8.10873
F-Secure                Gen:Variant.Zusy.117657                 11.2014-14-12_1
G Data                  Gen:Variant.Zusy.117657                 14.12.24
IKARUS anti.virus       PUA.InstallMetrix                       t3scan.1.8.6.0
Kaspersky               not-a-virus:AdWare.Win32.InstallMetrix  14.0.0.2325
MicroWorld eScan        Gen:Variant.Zusy.117657                 15.0.0.1044
NANO AntiVirus          Riskware.Win32.InstallMetrix.dmcstq     0.30.0.296
Reason Heuristics       Threat.Win.Reputation.IMP               15.3.18.23
SUPERAntiSpyware        Trojan.Agent/Gen-Zusy                   9989
Trend Micro House Call  TROJ_GEN.R08NH09LD14                    7.2.348
VIPRE Antivirus         Threat.4150696                          37788

File size:
2 MB (2,057,728 bytes)

Product version:
1.0.0.1

Copyright:
TODO: (c) <Company name>. All rights reserved.

Original file name:
InstallerManager.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\z6r5epio\installer.exe

File PE Metadata

Compilation timestamp:
12/12/2014 9:31:09 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:Dd6DKapF1pQ4Tr+bGwTSdoC9cpa+DvnKiiCKepoQChjaAx:QdF1DTr+bPedoC+phvnKiiCKepoQC

Entry address:
0x137D07

Entry point:
E8, 9F, 8C, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, B0, A1, 5B, 00, 75, 02, F3, C3, E9, 31, 04, 00, 00, 55, 8B, EC, 51, 57, 8B, 7D, 10, 85, FF, 75, 17, E8, 2D, 1B, 00, 00, C7, 00, 16, 00, 00, 00, E8, 4E, 93, 00, 00, 33, C0, E9, AD, 00, 00, 00, 8B, 45, 0C, 85, C0, 74, E2, 8B, 4D, 08, 85, C9, 75, 06, 8B, 0F, 85, C9, 74, D5, 0F, B7, 11, 53, 33, DB, 56, 66, 85, D2, 74, 31, 0F, B7, 38, 8B, F0, 66, 85, FF, 74, 14, 8B, DF, 66, 3B, DA, 74, 0B, 83, C6, 02, 0F, B7, 1E, 66, 85, DB, 75, F0, 33, DB, 66, 39, 1E, 74, 0B, 83...

Entropy:
6.4985

Code size:
1.4 MB (1,453,056 bytes)

The file installer.exe has been seen being distributed by the following 2 URLs.

Remove installer.exe - Powered by Reason Core Security