prepreinstaller_win.exe

The executable prepreinstaller_win.exe has been detected as malware by 10 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from d6uonlik8at7j.cloudfront.net.

MD5: d9edd7dc4c6bca9d50bbb63a9fe7b45d

SHA-1: 97818c25e50648129e12c0db1cef12e3d00135a6

SHA-256: 7933553bcf08dbe0b8cf4b44722f9286563d86075f2cde3c0edf32c098ccb1b4

Scanner detections: 10 / 68

Status: Malware

Analysis date: 4/27/2024 12:58:06 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Vitro | 160326-0 |
| AVG | Win32/Virut | 2015.0.4545 |
| Dr.Web | Win32.Virut.56 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Virtob.Gen.12 | 11.5.0.6191 |
| ESET NOD32 | Win32/Virut.NBP virus | 7.0.302.0 |
| F-Prot | W32/Virut.AI | 4.6.5.141 |
| Kaspersky | Virus.Win32.Virut | 15.0.0.562 |
| Microsoft Security Essentials | Threat.Undefined | 1.217.300.0 |
| Norman | Win32.Virtob.Gen.12 | 29.03.2016 06:29:16 |
| VIPRE Antivirus | Threat.4737366 | 47926 |

File size: 277 KB (283,648 bytes)

File type: Executable application (Win32 EXE)

Common path: C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\prepreinstaller_win.exe

File PE Metadata
Compilation timestamp: 10/18/2009 7:40:05 PM

OS version: 5.1

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 12.0

CTPH (ssdeep): 6144:ASV6hdestkR3VIZQf/4ekrnfDdVKlxpeE7JKrE+D8Cmb:ASIYstavfRw7TspeEVKrE+D8Cmb

Entry address: 0x4AC33

Entry point: 83, 3C, 24, FE, 77, FE, 8D, 64, 24, CC, 60, 83, EC, DC, E8, 46, FF, FF, FF, 4B, 66, 4B, 75, FC, F7, D0, 8A, D5, FF, 73, 3C, 59, 81, E9, FD, FF, FF, 7F, 0F, 83, E7, FF, FF, FF, 81, D9, E6, 13, 00, 00, 71, DF, 4F, 47, 48, 48, FF, B4, 19, E4, 13, 00, 80, 83, C4, 04, 66, 81, 44, 24, FC, B0, BA, 75, C8, 80, C4, C4, 90, 68, 72, D4, DA, 6F, E8, 1A, FF, FF, FF, 89, 74, 24, 44, E8, 3E, FF, FF, FF, 89, 44, 24, 34, 83, E8, 04, 72, 4E, 4F, 10, D5, 90, 64, A1, 18, 00, 00, 00, 85, C0, 78, 0C, 8D, 0B, B2, FD, 8B, 40, 34...

Code size: 124.5 KB (127,488 bytes)

The file prepreinstaller_win.exe has been seen being distributed by the following URL.
