» sharkindicators installer.exe
Overview
Analysis
File Details
Behaviors (1)
Network (2)

sharkindicators installer.exe

Installer

Tang Investments Corporation

This is the uninstaller utility registered in the Windows Control Panel for the program SharkIndicators BloodHound by SharkIndicators.

File name:

Publisher:

SharkIndicators (signed by Tang Investments Corporation)

Product:

Installer

Description:

This installer database contains the logic and data required to install Installer.

Version:

1.210.5294.28249

MD5:

2530c34f69a50150a97df4f0250c62ea

SHA-1:

4c161a96910b9219f1d2a1e9f74d69f7f41b27dc

SHA-256:

0c049d1c74335ab7860cab91e0aefd022eac4188dc222f57e32f17b56d9f9353

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/26/2024 4:46:11 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

W32/Ramnit.A

7.11.30.172

File size:

1.5 MB (1,520,784 bytes)

Product version:

1.210.5294.28249

Original file name:

SharkIndicators Installer.aiui

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\ProgramData\caphyon\advanced installer\{35bdfe15-f241-48db-bca1-e7c7b03d1391}\sharkindicators installer.exe

Digital Signature

Signed by:

Tang Investments Corporation

Authority:

COMODO CA Limited

Valid from:

1/16/2014 7:00:00 PM

Valid to:

1/16/2017 6:59:59 PM

Subject:

CN=Tang Investments Corporation, O=Tang Investments Corporation, STREET=747 Parkwood Way SE, L=Calgary, S=Alberta, PostalCode=T2J 3V2, C=CA

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

0C4BAF7429492A42B103C72ED9DA1D07

File PE Metadata

Compilation timestamp:

11/18/2013 8:50:37 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:uazsEi+oTSUCq2apDaYE+uPGaTHoFkFcsIN2z5skKmbDWtRBzeFQguQMjdK9EqQ:51OpcThFzINe7KmARc+gdMjdK9EqQ

Entry address:

0xB5209

Entry point:

E8, E9, C9, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 56, FF, 75, 0C, 8D, 4D, E8, E8, 33, EB, FF, FF, 8B, 5D, 08, BE, 00, 01, 00, 00, 3B, DE, 73, 54, 8B, 4D, E8, 83, B9, AC, 00, 00, 00, 01, 7E, 14, 8D, 45, E8, 50, 6A, 01, 53, E8, 64, 7F, 00, 00, 8B, 4D, E8, 83, C4, 0C, EB, 0D, 8B, 81, C8, 00, 00, 00, 0F, B7, 04, 58, 83, E0, 01, 85, C0, 74, 0F, 8B, 81, CC, 00, 00, 00, 0F, B6, 04, 18, E9, A3, 00, 00, 00, 80, 7D, F4, 00, 74, 07, 8B, 45, F0, 83, 60, 70, FD, 8B, C3, E9, 9C, 00, 00, 00, 8B... 
[+]

Entropy:

6.5399

Code size:

932 KB (954,368 bytes)

Program Uninstaller

Program name:

SharkIndicators BloodHound

Display publisher:

SharkIndicators

Display version:

1.210.5294.28249

Uninstall string:

C:\ProgramData\Caphyon\Advanced Installer\{35BDFE15-F241-48DB-BCA1-E7C7B03D1391}\SharkIndicators Installer.exe /x {35BDFE15-F241-48DB-BCA1-E7C7B03D1391}

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to www.softologic.com (174.37.181.31:80)

TCP (HTTP SSL):

Connects to www.ibbalance.com (173.192.190.227:443)

Scan sharkindicators installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.