msi_repair_tool.exe

The executable msi_repair_tool.exe has been detected as malware by 7 anti-virus scanners. The file has been observed being downloaded from www.mediafire.com and multiple other hosts.

MD5:
ca60d115dda447e2cfb2e9ff1a6dc4ef

SHA-1:
93cbfdf51ae5bf29dec3a005a053b1eb84d170b3

SHA-256:
de07c82efce13e302817d00e17a72d595ef77d7b294eb3f2861ffcbc79014b31

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
4/25/2024 1:08:41 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/Fednu.ujp | 7.11.144.32 |
| Baidu Antivirus | Trojan.Win32.Fednu | 4.0.3.14520 |
| Clam AntiVirus | Win.Trojan.Firewallbypass-63 | 0.98/18355 |
| K7 AntiVirus | Trojan | 13.176.11784 |
| McAfee | Artemis!CA60D115DDA4 | 5600.7125 |
| NANO AntiVirus | Trojan.Win32.AVKill.coewxb | 0.28.0.59288 |
| Rising Antivirus | PE:Trojan.Win32.Fednu.ujp!1075352388 | 23.00.65.14518 |

File size:
353.5 KB (361,959 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\msi_repair_tool.exe

File PE Metadata
Compilation timestamp:
11/23/2011 5:41:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

CTPH (ssdeep):
6144:RyuT8gCT2wvUvRiaXwyX0IM6a+ytYOQiOhX:RyuwgCTiJiYNadtDIp

Entry address:
0x5C8E

Entry point:
55, 8B, EC, 6A, FF, 68, 10, D1, 40, 00, 68, 04, 84, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 10, 53, 56, 57, 89, 65, E8, FF, 15, 38, D0, 40, 00, 33, D2, 8A, D4, 89, 15, D0, 0C, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, CC, 0C, 41, 00, C1, E1, 08, 03, CA, 89, 0D, C8, 0C, 41, 00, C1, E8, 10, A3, C4, 0C, 41, 00, 6A, 00, E8, E4, 25, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, 9A, 00, 00, 00, 59, 83, 65, FC, 00, E8, 04, 11, 00, 00, FF, 15, 34, D0, 40, 00, A3, E4, 4C, DE, 00, E8...
Entropy:
7.1469

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
48 KB (49,152 bytes)

The file msi_repair_tool.exe has been seen being distributed by the following 2 URLs.

Remove msi_repair_tool.exe - Powered by Reason Core Security