» spyhunter-installer.exe
Overview
Analysis
File Details
Downloads (1)
Network (2)

spyhunter-installer.exe

Installer

Enigma Software Group USA, LLC.

The executable spyhunter-installer.exe has been detected as malware by 9 anti-virus scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. Infected by the Parite virus, a polymorphic file infecting virus that infects all portable EXE and SCR files found on local and shared network drives. The file has been seen being downloaded from RevenueWire's affiliate distribution platform freeuninst.enigma.revenuewire.net. While running, it connects to the Internet address www.ibbalance.com on port 443.

File name:

Publisher:

Enigma Software Group USA, LLC.

Product:

Installer

Description:

Enigma Installer

Version:

2.0.389.1328

MD5:

3f4166c305d1946b39957f809902f79d

SHA-1:

827df56e006e38e6ffeec73417ee81f0d27971c4

SHA-256:

9cdbdfed5af1ac482cda5c806e5aa57405eb190e26c3b73121a2bd0fc90b035e

Scanner detections:

9 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

5/2/2024 7:07:24 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Parite

160708-3

AVG

Win32/Parite

2015.0.4604

Dr.Web

Win32.Parite.2

9.0.1.05190

Emsisoft Anti-Malware

Win32.Parite

11.5.0.6191

ESET NOD32

Win32/Parite.B virus

8.0.319.0

F-Prot

W32/Parite.B

4.6.5.141

Kaspersky

Virus.Win32.Parite

15.0.0.562

Microsoft Security Essentials

Threat.Undefined

1.225.1756.0

Norman

Win32.Parite.B

19.05.2016 01:04:49

File size:

3.5 MB (3,660,764 bytes)

Product version:

2.0.389.1328

Original file name:

Installer.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\spyhunter-installer.exe

File PE Metadata

Compilation timestamp:

5/11/2016 7:46:10 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

98304:GIpAA+LSjB3HXcc2V/HhZ0rFvXaRhoWAc5iMtfdPW4C:GoAxWaBV/Hj0kRhLYMX/C

Entry address:

0x35F000

Entry point:

90, BB, FA, C7, FD, 01, 90, 90, 68, 22, F0, 75, 00, 5F, 90, BA, 98, 05, 00, 00, 90, 90, 31, 1C, 3A, 90, 90, 83, EA, 02, 83, EA, 02, 75, F3, 90, 90, 90, 12, BA, FC, 01, FA, C7, FD, 01, FA, C7, BD, 01, B6, 49, EB, 01, 4A, E3, C8, 01, 26, EC, C8, 01, FA, 77, FF, 01, FB, C7, FD, 01, A2, F6, A0, 01, 2A, B6, 9F, 01, 24, B6, 9F, 01, 5A, 93, DF, 01, 34, B6, DF, 01, 26, B6, DF, 01, A2, E6, E0, 01, 34, B6, DF, 01, 26, B6, DF, 01, FA, C7, FD, 01, FA, C7, FD, 01, FA, C7, FD, 01, FA, C7, FD, 01, 62, F5, A0, 01, FA, C7... 
[+]

Entropy:

7.2603

Code size:

1.8 MB (1,907,712 bytes)

The file spyhunter-installer.exe has been seen being distributed by the following URL.

http://freeuninst.enigma.revenuewire.net/spyhunter2/.../

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to www.softologic.com (174.37.181.31:80)

TCP (HTTP SSL):

Connects to www.ibbalance.com (173.192.190.227:443)

Remove spyhunter-installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.