» spyhunter-installer.exe
Overview
Analysis
File Details
Downloads (5)

spyhunter-installer.exe

The executable spyhunter-installer.exe has been detected as malware by 10 anti-virus scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The file is most likely infected with the Neshta virus, a Russian virus that gathers system information and send it to a remote command and cotrol server. The file has been seen being downloaded from www.remove-pcvirus.com and multiple other hosts.

File name:

MD5:

8b387119011394663c7bafe292777e93

SHA-1:

04894d1e0ae776d67176c7304ad046093d0b76d0

SHA-256:

7caf9af536b95d1008655813ba680f24142d3ed260b3ba221700075fc7517a22

Scanner detections:

10 / 68

Status:

Malware

Explanation:

Infected with the direct-infection Neshta file infector virus.

Analysis date:

4/26/2024 8:23:51 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Dropper.Gen

7.11.30.172

Bkav FE

W32.NeshtaB.PE

1.3.0.6379

herdProtect (fuzzy)

variant of spyhunter-installer.exe.zvcyei3.partial

2015.9.20.9

K7 AntiVirus

Virus

13.203.15712

McAfee

W32/HLLP.41472.e

5600.6637

MicroWorld eScan

Win32.Neshta.A

16.0.0.789

NANO AntiVirus

Virus.Win32.Neshta.cdby

0.30.20.1219

nProtect

Virus/W32.Neshta

15.04.24.01

Quick Heal

W32.Neshta.C8

9.15.14.00

VIPRE Antivirus

Virus.Win32.Neshta.a

39712

File size:

3 MB (3,172,228 bytes)

File type:

Executable application (Win64 EXE)

Common path:

C:\users\{user}\downloads\spyhunter-installer.exe

File PE Metadata

OS bitness:

Win64

CTPH (ssdeep):

49152:6xoRr9/D5pOBJM9e1uCuXD2j9rHWTjW2TNTTmTB66uvMVRJSg8jF6sfm2PDyVggl:6YWBJM9e1DjhHWfW2MrkSJSisf3PWf3V

Entry point:

03, 5D, 08, 83, FB, FE, 76, 05, E8, 6B, 88, 12, 00, 8B, 46, 18, 3B, C3, 73, 24, 8B, 4E, 14, 51, 53, 8B, CE, E8, C4, 33, FF, FF, 85, DB, 0F, 86, 9D, 00, 00, 00, 8B, 46, 18, 83, F8, 10, 72, 31, 8B, 56, 04, 89, 55, FC, EB, 2F, 85, DB, 75, E6, 89, 5E, 14, 83, F8, 10, 72, 0E, 8B, 46, 04, 88, 18, 8B, C6, 5B, 8B, E5, 5D, C2, 08, 00, 8D, 46, 04, C6, 00, 00, 8B, C6, 5B, 8B, E5, 5D, C2, 08, 00, 8D, 4E, 04, 89, 4D, FC, 83, F8, 10, 72, 05, 8B, 4E, 04, EB, 03, 8D, 4E, 04, 8B, 56, 14, 2B, D7, 52, 8B, 55, FC, 03, D7, 52... 
[+]

Entropy:

7.2351

The file spyhunter-installer.exe has been seen being distributed by the following 5 URLs.

http://www.remove-pcvirus.com/download-scn

http://download.enigmasoftware.com/spyhunter-free-download/.../SpyHunter-Installer.exe

http://members.driverguide.com/.../icfh.php?c=dgpdlspnspy

http://www.fixsystem32.com/download.php

http://www.malwarerecovery.org/.../

Remove spyhunter-installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.