» synthesia-10.1-installer.exe
Overview
Analysis
File Details
Downloads (1)

synthesia-10.1-installer.exe

Synthesia 10.1

Synthesia LLC

The executable synthesia-10.1-installer.exe, “Synthesia 10.1 Installer” has been detected as malware by 10 anti-virus scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from synthesia.software.informer.com.

File name:

Publisher:

Synthesia LLC

Product:

Synthesia 10.1

Description:

Synthesia 10.1 Installer

Version:

10.1.0.3320

MD5:

6a986b45c8528558125671c1db308d10

SHA-1:

5b2f05f39331e9a4522f20b28bb864407836426f

SHA-256:

463f5ce220ff7ab21afecd1da4d58364a55908baff777d18be477fda419085e1

Scanner detections:

10 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

4/16/2024 7:37:47 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:SaliCode

160518-2

AVG

Win32/Sality

2015.0.4591

Dr.Web

Win32.Sector.30

9.0.1.05190

ESET NOD32

Win32/Sality.NBA virus

8.0.319.0

F-Prot

W32/Sality.gen2

4.6.5.141

F-Secure

Win32.Sality.3

5.15.96

Kaspersky

Virus.Win32.Sality

15.0.0.562

McAfee

Virus.W32/Sality.gen.z

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.223.968.0

Norman

Win32.Sality.3

28.05.2016 13:03:37

File size:

3.7 MB (3,850,008 bytes)

Product version:

10.1.0.3320

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\synthesia-10.1-installer.exe

File PE Metadata

Compilation timestamp:

12/6/2009 5:50:46 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

98304:Z581FltevDmOkXLUG0CNUDW82e5SjFaQALrJH:Z58F8bobUG0Cma7e5TQA3x

Entry address:

0x323C

Entry point:

87, E9, 8D, 3D, C9, B2, D4, B6, 8A, EE, 0F, AF, CE, F3, 80, F2, E0, 01, DE, 68, 5E, 52, 97, 00, 0F, AF, D8, 2B, C0, 12, F3, FE, C3, 0F, BE, F5, 49, B2, 55, 05, DF, FE, FF, FF, 33, FF, 05, 22, 01, 00, 00, 88, EA, 89, EA, F7, C5, 43, CC, C9, E1, 84, C8, 84, D4, 3D, E4, 00, 00, 00, 0F, 82, D1, FF, FF, FF, 69, D0, 3B, AD, 8E, 4D, 88, CB, 56, 68, 2B, E1, 11, 00, 80, E2, 13, E8, 37, 00, 00, 00, EB, 02, 8B, C8, 0F, AF, DA, FF, CA, F3, B6, B1, 18, C1, 8D, 1D, 63, D2, F9, FF, 74, 07, 80, E0, B6, 33, C7, 84, E6, 81... 
[+]

Entropy:

7.9980 (probably packed)

Code size:

23 KB (23,552 bytes)

The file synthesia-10.1-installer.exe has been seen being distributed by the following URL.

http://synthesia.software.informer.com/.../

Remove synthesia-10.1-installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.