snipsmart_510.exe

The executable snipsmart_510.exe has been detected as malware by 9 anti-virus scanners. The program is a setup application that uses the Nullsoft Scriptable Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from dl1.downserver5.com.
MD5:
e5f5b5af64336c669096383d251f3fb9

SHA-1:
66c546ffeb3a478234961ace5302fff8a86ad252

SHA-256:
721454a9182d7f90cb0c765aa3589805b9f15e7314f6f3f8ae3933bb9379a90b

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
5/15/2024 1:39:10 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Kukacka | 160215-2
Dr.Web | Win32.Sector.12 | 9.0.1.05190
ESET NOD32 | Win32/Sality.NAU virus | 8.0.319.0
F-Prot | W32/Sality.AK | 4.6.5.141
F-Secure | Win32.Sality.OG | 5.15.21
Kaspersky | Virus.Win32.Sality | 15.0.0.562
Microsoft Security Essentials | Threat.Undefined | 1.215.1919.0
Norman | Win32.Sality.OG | 29.02.2016 03:11:57
VIPRE Antivirus | Threat.416209 | 47432

File size:
637 KB (652,280 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Common path:
C:\Documents and Settings\{user}\Local settings\temporary internet files\content.ie5\{random}\snipsmart_510.exe

File PE Metadata
Compilation timestamp:
12/6/2009 5:52:01 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:1vj/ZaT3aTpUG1s15Ap/G/8/3D0Fw/tN8dkmLtpHHHrh7RItT024RYke18v:1bsjgv6j8/z0FmcLbH1RIt3G61w

Entry address:
0x30CB

Entry point:
60, 51, 48, 0F, A4, F7, DD, 11, EE, 0F, AD, FD, 59, 0F, A5, D3, 51, 33, F6, 56, FF, 15, C4, 70, 40, 00, 5A, 68, D0, 24, 5C, 09, 68, 88, 87, 6C, 08, 6A, 00, 5A, 52, FF, 15, 0C, 71, 40, 00, 5B, 58, E8, F4, 04, 00, 00, 52, 68, 1D, E7, F1, 09, E8, B9, 03, 00, 00, 58, 5A, E8, 1B, 00, 00, 00, 39, 0C, 66, 57, DF, 74, F6, 26, A2, 8E, 70, 5D, 44, F1, 46, 87, 3D, 43, B8, C4, 42, 7C, F2, 0E, 9B, F9, C5, 55, 0F, C0, C3, 85, C3, FF, C6, 5D, F6, DC, 68, 54, 7E, 15, 06, 68, 22, 0C, 98, 09, B9, 00, 00, 00, 00, 51, FF, 15...
 

Entropy:
7.9836  (probably packed)

Code size:
22.5 KB (23,040 bytes)

The file snipsmart_510.exe has been seen being distributed by the following URL.
