home

spyhunter-setup.exe

The application spyhunter-setup.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source.
MD5:
2389aa689c863cad5c58b9a626113ce9

SHA-1:
b403be5f368044925a230edf748ce66cc6ba4192

SHA-256:
618f0eb9bab3a78d8aca024d8368b1062d45bea65e8b260e069c861b33fe7d4c

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 9:23:33 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/WinloadSDA
8.9698

F-Prot
W32/A-ace0f790
v6.4.7.1.166

NANO AntiVirus
Riskware.Win32.Winload.dgqsks
0.28.6.63850

Reason Heuristics
Threat.Win.Reputation.IMP
14.12.14.21

File size:
1.3 MB (1,345,792 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\spyhunter-setup.exe

File PE Metadata
Compilation timestamp:
8/1/2013 11:11:28 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
24576:382iQMdEmfkgGNIfyDmDhzvXzws/HwFMHjTKBpwruEuT0wEM0kIgcVHU+QFcvBDY:382i5D8mDhzvXzws/HwFMHjTKBpwruES

Entry address:
0x12B0

Entry point:
55, 89, E5, 83, EC, 08, C7, 04, 24, 02, 00, 00, 00, FF, 15, 44, 0B, 55, 00, E8, 98, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 8B, 0D, E4, 0B, 55, 00, 89, E5, 5D, FF, E1, 8D, 74, 26, 00, 55, 8B, 0D, 7C, 0B, 55, 00, 89, E5, 5D, FF, E1, 90, 90, 90, 90, 55, 89, E5, E8, B8, A6, 07, 00, 6A, 00, 6A, 00, FF, 75, 0C, FF, 75, 08, E8, 81, E3, 06, 00, E8, 08, 04, 0D, 00, 31, C0, C9, C3, 55, 89, E5, 83, 7D, 0C, 01, 75, 0A, E8, F6, E5, 06, 00, E8, F1, 03, 0D, 00, B8, 01, 00, 00, 00, 5D, C2, 0C, 00, 90, 90, 90, 90...
 
[+]

Packer / compiler:
MingWin32

Code size:
831.5 KB (851,456 bytes)

Remove spyhunter-setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.