siinst.exe

Software Informer

Informer Technologies, Inc.

The executable siinst.exe, “Software Informer Setup”, has been detected as malware by 13 anti-virus scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file is infected by an entry-point obscuring polymorphic file infector, which creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from files.informer.com.

Publisher:
Informer Technologies, Inc.

Product:
Software Informer

Description:
Software Informer Setup

MD5:
73ef2576cf65d449227dd784cded72b1

SHA-1:
1ac5b1ea86b9c9cee01fba9447c5254af58226cb

SHA-256:
129f1e51f12810e19e7811eabbcdd9b4ad62745e1b091ba285c98f9d598492b9

Scanner detections:
13 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/27/2024 1:51:22 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Sality.3 | 5813571 |
| avast! | Win32:SaliCode | 160118-1 |
| AVG | Win32/Sality | 2015.0.4489 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 10.0.0.5366 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| McAfee | Virus.W32/Sality.gen.z | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.4702.0 |
| Norman | Win32.Sality.3 | 11.01.2016 17:30:26 |
| Sophos | Virus 'Mal/Sality-D' | 5.23 |
| VIPRE Antivirus | Threat.4758034 | 46750 |

File size:
3.5 MB (3,676,480 bytes)

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\siinst.exe

File PE Metadata
Compilation timestamp:
10/13/2013 1:49:32 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:d9zbYBcBb1qhJoK52+pfzuiULRB2SmS6lRQ:d9oBcb1qVf81H7t6I

Entry address:
0x113BC


Entropy:
7.9882  (probably packed)

Code size:
63.5 KB (65,024 bytes)

The file siinst.exe has been seen being distributed by the following URL.
