home

ScrInstall.EXE

Axialis Professional Screen Saver Compiler

Axialis Software

The executable ScrInstall.EXE, “Axialis Professional Screen Saver Installation” has been detected as malware by 2 anti-virus scanners. The file has been seen being downloaded from www.ecran-de-veille.com and multiple other hosts.
Publisher:
Axialis Software

Product:
Axialis Professional Screen Saver Compiler

Description:
Axialis Professional Screen Saver Installation

Version:
3, 5, 7, 0

MD5:
ed3809507010eacc2f0519b3e3395b00

SHA-1:
0fa08deadaf186db15a749e85993bfb72cf9e64d

SHA-256:
a07621bc3d0b09fdc1d759a2a2324d5c50fd048a2830299ac2e340bd8b05d1c0

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
4/18/2024 6:40:03 PM UTC  (today)

Scan engine
Detection
Engine version

Emsisoft Anti-Malware
Trojan.Click.IX
8.13.12.29.03

Reason Heuristics
Unnamed.Threat.12
14.3.1.0

File size:
1.8 MB (1,933,528 bytes)

Product version:
3, 5, 7, 0

Copyright:
Copyright (c) 2002

Original file name:
ScrInstall.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\scrinstall.exe

File PE Metadata
Compilation timestamp:
11/29/2005 6:14:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:2zJP+QMNR/0FaA3BNp7E0mOQxXbjuOcjzB3F50/sHNOQ4heYTr6yuM7yfkiBHR5:2+r+357jNwO3nW/4OjH7zGfN1R5

Entry address:
0xDEB7

Entry point:
B8, 14, 1E, 47, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 75, E9, BB, 48, 00, 7B, 0F, 18, DD, 23, 45, 12, 08, DD, BF, 60, 0B, E4, 43, 93, C2, C4, B2, 68, 4C, BC, C0, 37, 14, DD, 92, FC, 0B, A1, 0A, FB, 34, FE, AE, 73, 69, 73, 6B, E5, DD, 2A, B4, A3, B6, D2, B8, C0, A8, E4, 10, E5, 60, 8B, 65, FE, 8F, 1D, 06, 48, F7, B0, CE, 6A, 68, A1, 1C, DC, AB, 00, AE, E6, AD, E1, 78, 89, FB, FC, 6E, DB, 68, E4, 6B, 76, C3, AD, 1E, F3, C7...
 
[+]

Entropy:
7.8455  (probably packed)

Code size:
156 KB (159,744 bytes)

The file ScrInstall.EXE has been seen being distributed by the following 2 URLs.

http://www.ecran-de-veille.com/.../aquarium_005.exe

http://dfr.eorezo.com/download/fr/.../aquarium_005.exe

Remove ScrInstall.EXE - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.