spyinstall.exe

SpySubtract

InterMute, Inc.

The executable spyinstall.exe (“SpySubtract installer”) has been detected as malware by 4 anti-virus scanners. It is a self-extracting archive and installer, and has been known to bundle potentially unwanted software.
Publisher:
InterMute (signed by InterMute, Inc.)

Product:
SpySubtract

Description:
SpySubtract installer

Version:
1.0.0.1

MD5:
fb26e0e583bb47b02f3f24078f60bd70

SHA-1:
66694087bc1c6422bc3275d92a4145aeec2c9d0c

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
4/26/2024 4:33:33 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | TR/ADH.2.3304 | 8.3.2.4
Dr.Web | MULDROP.Trojan | 9.0.1.09
Malwarebytes | Trojan.Dropper | v2016.01.09.02
Rising Antivirus | PE:Trojan.DL.Agent!1.667C [F] | 23.00.65.16107

File size:
2 MB (2,134,424 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (c) 2004 InterMute, Inc. All rights reserved.

Original file name:
SpySubInstall.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\My documents\spyware programs\spyinstall.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/12/2005 7:00:00 PM

Valid to:
1/13/2006 6:59:59 PM

Subject:
CN="InterMute, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="InterMute, Inc.", L=Braintree, S=Massachusetts, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
59C4C81EAC0A4C8723EDA43D2723A7A0

File PE Metadata
Compilation timestamp:
1/17/2005 7:59:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
49152:kY9CETVOVuV1VrV3V1VOV4VhAuNTpX4toRZ02j56xmNTO71Os:kY4EuuNNZX9den

Entry address:
0x23610B

Entry point:
B8, 00, 60, 63, 00, 6A, 00, 68, D1, 05, 44, 00, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 66, 9C, 60, 50, 8B, D8, 03, 00, 68, 70, BC, 00, 00, 6A, 00, FF, 50, 1C, 8B, CC, 8D, A0, 70, BC, 00, 00, 89, 61, 2E, 68, 00, 00, 40, 00, 51, 8B, 7C, 24, 04, 8B, 33, 66, 81, C7, 80, 07, 8D, 74, 1E, 08, 89, 3B, 53, 8B, 5E, 10, 56, 6A, 02, 68, 80, 08, 00, 00, 57, 6A, 2A, 6A, 06, 56, 6A, 04, 68, 80, 08, 00, 00, 57, FF, D3, 83, EE, 08, 59, F3, A5, 59, 66, 83, C7, 68, 81, C6, 5C, 01, 00, 00, F3, A5, FF, D3, 58...
 

Entropy:
7.9864

Packer / compiler:
Petite v2.1 (2)

Code size:
204 KB (208,896 bytes)
