» IronMan Mod Installer.exe
Overview
Analysis
File Details
Downloads (1)
Network (2)

IronMan Mod Installer.exe

Installer

File name:

Product:

Installer

Description:

Skydaz Installer

Version:

1.0.0.0

MD5:

42082e55967a68c19138e24a54df81cb

SHA-1:

1e515e0decdec924f4ef7b351da7fc1c5a072437

SHA-256:

d7831700da44c1530292f41d23e24696d891a2d493f05b152f4cc0a3e9f157c1

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/16/2024 7:42:38 AM UTC (today)

Scan engine

Detection

Engine version

ViRobot

Trojan.Win32.A.Inject.1178624.A[h]

2014.3.20.0

File size:

1.1 MB (1,178,624 bytes)

Product version:

1.0.0.0

Skydaz

Trademarks:

Skydaz Installers

Original file name:

IronMan Mod Installer.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\ironman mod installer.exe

File PE Metadata

Compilation timestamp:

9/24/2012 9:59:21 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

24576:sLVrkhqI1xaCFnhLT5mb+XXTUoCqLVrkhqI1xaCFnhLT5J:sC1Jmb+XXTUFqC1J

Entry address:

0xB698E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, F9, 0F, 61, 50, 00, 00, 00, 00, 02, 00... 
[+]

Entropy:

5.7818

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

722.5 KB (739,840 bytes)

The file IronMan Mod Installer.exe has been seen being distributed by the following URL.

http://www.skyworxz.com/downloads/.../IronMan Mod Installer.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to www.softologic.com (174.37.181.31:80)

TCP (HTTP SSL):

Connects to www.ibbalance.com (173.192.190.227:443)

Scan IronMan Mod Installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.