nitro_pro9.exe

Nitro Pro 9

Nitro

The executable nitro_pro9.exe has been detected as malware by 10 anti-virus scanners. It is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from install.nitropdf.com.
Publisher: Nitro
Product: Nitro Pro 9
Version: 9.5.3.8
MD5: ab8cfb41e78e69b970f26aa4963b57b7
SHA-1: 1d710ea9b6307606df1b13a442b56658b00e7791
SHA-256: d2965e6a88971cf4c491c26f7763c6bc7fcd83b7f0948c269ea39d3fbe3a6956
Scanner detections: 10 / 68
Status: File is infected by a Virus
Explanation: The file is infected by a polymorphic file infector virus.
Analysis date: 4/25/2024 11:51:10 PM UTC

Scan engine                    Detection               Engine version
avast!                         Win32:SaliCode          160215-2
AVG                            Win32/Sality            2015.0.4522
Dr.Web                         Win32.Sector.30         9.0.1.05190
ESET NOD32                     Win32/Sality.NBA virus  8.0.319.0
F-Prot                         W32/Sality.gen2         4.6.5.141
Kaspersky                      Virus.Win32.Sality      15.0.0.562
McAfee                         Virus.W32/Sality.gen.z  18.0.204.0
Microsoft Security Essentials  Threat.Undefined        1.213.6304.0
Norman                         Win32.Sality.3          15.02.2016 12:34:50
Sophos                         Virus 'Mal/Sality-D'    5.23

File size: 1.6 MB (1,725,336 bytes)
Product version: 9.5.3.8
Copyright: Copyright (c) Nitro. All rights reserved.
Original file name: nitro_pro9.exe
File type: Executable application (Win32 EXE)
Language: English (United States)
Common path: C:\users\{user}\downloads\nitro_pro9.exe

File PE Metadata
Compilation timestamp: 11/28/2013 9:14:28 PM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 11.0
CTPH (ssdeep): 49152:RBgXTlYdRNUhcH8d5KsNYAGIASeTvX+fX:Rqmr6hVd8sNYDuoQ
Entry address: 0x267A5

Entry point:
60, BE, C8, 14, 9E, 96, 84, FD, 04, D6, FF, CA, 0F, AF, DE, 69, D3, 2E, B8, 84, 32, F2, 8B, E9, B0, A6, 3B, C8, 0F, AF, FE, 86, F4, 85, FF, 0F, BE, F9, 68, B3, C2, B4, 00, 52, 80, DF, 07, E8, 07, 00, 00, 00, 40, 20, CA, 86, CB, 3B, E9, 80, E2, 0A, 0F, BF, FB, F2, F3, 87, D7, 0A, D9, 84, C5, 4E, C7, C3, 34, 1E, B3, 07, 53, 4A, 8B, DD, 69, DB, 72, 26, 78, 11, 5F, 84, F6, 41, 28, F7, 33, C7, B2, 81, 02, FC, F2, 5B, 8B, C9, B0, B6, 0F, AF, F1, 0F, AF, C2, 19, D1, 84, FE, 3A, E4, 4F, 8D, 15, E5, 67, 76, 50, 2B...
 

Entropy: 7.3872
Code size: 229.5 KB (235,008 bytes)

The file nitro_pro9.exe has been seen being distributed by the following URL.
