SansaUpdaterInstall.exe

Sansa Updater Installer

SanDisk Corporation

The executable SansaUpdaterInstall.exe, “Installer for Sansa firmware updater”, has been detected as malware by 14 anti-virus scanners. It is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from mp3support.sandisk.com.
Publisher:
SanDisk Corporation

Product:
Sansa Updater Installer

Description:
Installer for Sansa firmware updater

Version:
1.4.0.7

MD5:
7ac05e6a7ce19fe841dc7e0779399bc1

SHA-1:
800778d13d258d2181c18e816a56f1da829c8bbf

SHA-256:
ac2e8c6d02f2c97d8c2a8333645353ff7015fe1c5e5db070f44ad4a470d76be2

Scanner detections:
14 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/27/2024 2:07:58 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Win32.Sality.3 | 5813612
avast! | SaliCode | 151222-1
AVG | Win32/Sality | 2015.0.4489
Dr.Web | Win32.Sector.30 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Sality | 10.0.0.5366
ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0
F-Prot | W32/Sality.E.gen | 4.6.5.141
F-Secure | Win32.Sality.3 | 5.05.7110
Kaspersky | Virus.Win32.Sality | 15.0.0.562
McAfee | Virus.W32/Sality.gen.z | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.213.1379.0
Norman | Win32.Sality.3 | 17.12.2015 06:34:11
Sophos | Virus 'Mal/Sality-D' | 5.22
VIPRE Antivirus | Threat.4721115 | 46126

File size:
2 MB (2,148,656 bytes)

Product version:
1.4.0.7

Copyright:
SanDisk Copyright © 2014

Original file name:
SansaUpdaterInstall.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\sansaupdaterinstall.exe

File PE Metadata

Compilation timestamp:
6/10/2014 10:59:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:QWvvfTaphLTbL5DewHJAkcrtiC43Uf5zhpTC7h+HABfhxh7kfr398J7:QQvfchL75DDJAkEtiC43Uf5zHTxgBxkq

Entry address:
0x10F8D4

Entry point:
4B, 57, 87, D3, 0F, AF, C6, 69, C9, E0, EF, 4C, 98, 69, CA, A1, D1, 95, 4E, 84, F2, F2, 19, E9, 68, C2, 5D, 49, 00, 68, 2D, 83, 2D, 00, 86, F2, E8, 2D, 00, 00, 00, B1, D0, 0F, B6, D6, 8A, D5, F6, C1, CF, 69, F8, D9, 36, A7, CF, 69, F7, CA, 41, D7, 73, 84, D4, 8A, CD, 81, EB, E6, 2A, 00, 00, 0F, B7, CF, 84, E8, 8B, D5, 81, EB, 3D, 0F, 00, 00, 0F, BF, EF, 8D, 15, AE, 51, DB, 85, 13, CF, 8D, 35, 83, 84, 6A, AB, 8A, C9, 42, 0F, BF, D7, 12, C7, 2A, D4, 4D, 87, C2, 8D, 0A, 70, 03, 80, E3, 38, 84, F7, 85, C6, 8B...

Entropy:
6.7023

Code size:
1.3 MB (1,352,192 bytes)

The file SansaUpdaterInstall.exe has been seen being distributed by the following URL.

Remove SansaUpdaterInstall.exe - Powered by Reason Core Security