» s_inst.exe
Overview
Analysis
File Details
Behaviors (1)

s_inst.exe

Bundle Co. Ltd.

The application s_inst.exe by Bundle Co has been detected as a potentially unwanted program by 4 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered by a time event.

File name:

s_inst.exe

Publisher:

Bundle Co. Ltd. (signed and verified)

MD5:

0149624b6acb1f676f2aebc90d9590a4

SHA-1:

067d606d65dfc8bca6ca69987777e02301d7c633

SHA-256:

cbbe007c81770a9156e39a72d9cd501eb8d1e1b755e4a07c5b917472fc86d009

Scanner detections:

4 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 1:25:39 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Trojan.Fakealert.origin

9.0.1.0313

ESET NOD32

Win32/MediaMagnet (variant)

8.10685

IKARUS anti.virus

PUA.MediaMagnet

t3scan.1.8.3.0

Reason Heuristics

PUP.Task.BundleCo.G

14.11.21.23

File size:

765.3 KB (783,640 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\newsi_2\s_inst.exe

Digital Signature

Signed by:

Bundle Co. Ltd.

Authority:

COMODO CA Limited

Valid from:

8/18/2014 4:00:00 AM

Valid to:

8/19/2015 3:59:59 AM

Subject:

CN=Bundle Co. Ltd., O=Bundle Co. Ltd., STREET=Chernyahovskogo str. 15/A office 3-H, L=Saint-Petersburg, S=RU, PostalCode=194356, C=RU

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00E6346AD1059875576C9310B07844FFD5

File PE Metadata

Compilation timestamp:

10/28/2014 12:15:24 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

6144:bhVklAiY7ST/j/Oc1wBJ//8GCN0loSbd8m/7vqwAiL9vFINDaEh4Dd7xKHj1OWOD:bBiYq7/eJ2uWCLrqXNs1KxOWBZbw0eX

Entry address:

0xB8700

Entry point:

55, 8B, EC, B9, 0B, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, B8, 9C, 38, 4B, 00, E8, D7, 21, F5, FF, 33, C0, 55, 68, A6, 8A, 4B, 00, 64, FF, 30, 64, 89, 20, E8, 58, 46, F5, FF, 85, C0, 7E, 5F, 89, 45, EC, C7, 05, 1C, 13, 4C, 00, 01, 00, 00, 00, 8D, 55, E8, A1, 1C, 13, 4C, 00, E8, 8E, 45, F5, FF, 8B, 45, E8, BA, C0, 8A, 4B, 00, E8, 49, F4, F4, FF, 75, 08, A1, 20, B9, 4B, 00, C6, 00, 01, 8D, 55, E4, A1, 1C, 13, 4C, 00, E8, 6A, 45, F5, FF, 8B, 45, E4, BA, E4, 8A, 4B, 00, E8, 25, F4, F4, FF, 75, 07, C6, 05, AC... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

733 KB (750,592 bytes)

Scheduled Task

Task name:

newSI_2

Trigger:

Time (Next runs on 14.11.2014 at 10:10)

Remove s_inst.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.