SilentInstaller_dotnet4.exe

sol0506

The executable SilentInstaller_dotnet4.exe has been detected as malware by 7 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from d21m4u3yvwhf8i.cloudfront.net.
Product:
sol0506

Version:
0.5.0.6

MD5:
89bd6f846873208f39e2c104f8096bb8

SHA-1:
c0cf76b47718d76d0b2d80885658c824955f23a3

SHA-256:
4ebc8db0c4e42619cbdf5745e9b392bf64dc9c934d467b0c2556d7948d5d9225

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
4/27/2024 7:00:13 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Vitro | 160518-2
AVG | Win32/Virut | 2015.0.4591
Dr.Web | Win32.Virut.56 | 9.0.1.05190
ESET NOD32 | Win32/Virut.NBP virus | 8.0.319.0
F-Prot | W32/Virut.AI!Generic | 4.6.5.141
Microsoft Security Essentials | Threat.Undefined | 1.223.1443.0
VIPRE Antivirus | Threat.4120919 | 49720

File size:
334.5 KB (342,528 bytes)

Product version:
0.5.0.6

Copyright:
Copyright © 2016

Original file name:
SilentInstaller_dotnet4.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\silentinstaller_dotnet4.exe

File PE Metadata
Compilation timestamp:
6/6/2016 11:37:27 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:C1TFZT8qbTR7SquD4L8vioH/X8i9DLnHWcefjVo8bS5VJwQKGLwvm:eZwgVxGq86oH/MKvnolgJowwv

Entry address:
0x56FA5

Entry point:
E8, B1, B2, FF, FF, 0F, A2, BD, C4, 83, FF, FF, E9, 58, FF, FF, FF, 4E, 84, F6, E8, 61, B2, FF, FF, 2B, 04, 24, 8D, 64, 24, 0C, FC, F6, D2, F6, D2, 1B, 54, 24, F8, 8A, C0, 3C, 85, 8D, 36, 2B, 4C, 24, FC, E9, 5D, FE, FF, FF, 8B, FE, B4, 3C, 09, C9, E8, 37, B2, FF, FF, 51, 52, 50, EB, C9, 94, F2, D9, 50, 90, 1E, 20, FA, 59, 8A, C0, FC, 66, C1, E9, 03, E9, 3A, B2, FF, FF, 68, EF, DC, A1, 91, E8, 62, B2, FF, FF, 8A, E0, 8B, CE, FE, CC, FF, D1, F5, FE, C4, 30, EB, 11, C1, 81, EA, D1, 2E, 3C, 2F, FE, CB, 8B, EA...
 

Entropy:
7.8760  (probably packed)

Code size:
309 KB (316,416 bytes)

The file SilentInstaller_dotnet4.exe has been seen being distributed by the following URL.
