home

MuClassicInstaller.exe

MuClassicInstaller

Shahar - Arthas

This is a self-extracting archive and installer. The file has been seen being downloaded from db50e37196f9683d7eedd27a3d24a49835afe941.googledrive.com and multiple other hosts.
Publisher:
Shahar - Arthas

Product:
MuClassicInstaller

Version:
1.0.0.0

MD5:
5085c2dd32f549ee74ab0eb824b67897

SHA-1:
5cc94e9aa17a634d73a3f7e2508cc7e5f474e411

SHA-256:
8d406cbbd97ba121826eb0682a91b4c2ca5b251e738915a3dbe9099edd404947

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/18/2024 11:25:52 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Malware-gen
160216-0

ESET NOD32
MSIL/Packed.Confuser.J suspicious application
8.0.319.0

K7 AntiVirus
Trojan
13.214.18879

Sophos
Generic PUA FM (PUA)
4.98

File size:
1.9 MB (1,969,664 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Trademarks:
Shahar - Arthas

Original file name:
MuClassicInstaller.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\muclassicinstaller.exe

File PE Metadata
Compilation timestamp:
1/14/2016 12:42:47 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:85SV07m0pz0ASPwzjwjnLgMN9ei9SywxqBu8FPFiJW567JpINYq8Vgk:Uy071thShrFci9SB+NtANwNl8Vg

Entry address:
0x18733E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.5521

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.5 MB (1,594,368 bytes)

The file MuClassicInstaller.exe has been seen being distributed by the following 2 URLs.

https://db50e37196f9683d7eedd27a3d24a49835afe941.googledrive.com/host/.../MuClassicInstaller.exe

https://googledrive.com/host/.../MuClassicInstaller.exe

Scan MuClassicInstaller.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.