unikey-4.2rc4-140823-setup_x32.exe

UniKey

The executable unikey-4.2rc4-140823-setup_x32.exe, “UniKey Setup”, has been detected as malware by 8 anti-virus scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point obscuring polymorphic file infector which creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from unikey.pro.vn.
Publisher:
UniKey

Product:
UniKey

Description:
UniKey Setup

MD5:
9879ec3ba1635e160b1a42b837b64a7b

SHA-1:
2437f1dc8b46e2d5718be2c5e040fdfe3bede363

SHA-256:
ef12e3b4298fab386c9edc3354fdd5be654e86b9f0a8062edde28c0c8b70b185

Scanner detections:
8 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
7/19/2025 2:54:55 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:SaliCode | 160708-3
AVG | Win32/Sality | 2015.0.4604
Emsisoft Anti-Malware | Win32.Sality | 11.5.0.6191
ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0
F-Prot | W32/Sality.gen2 | 4.6.5.141
Microsoft Security Essentials | Threat.Undefined | 1.225.1756.0
Norman | Win32.Sality.3 | 28.05.2016 15:32:18

File size:
813.3 KB (832,804 bytes)

Product version:
4.2 RC4

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\unikey-4.2rc4-140823-setup_x32.exe

File PE Metadata
Compilation timestamp:
1/15/2016 3:22:50 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:XxGHPFLslckxOGuBVLj9o6k1vh/BZS0hUX:gtrkDu/fmDJo

Entry address:
0x113BC

Entry point:
60, 0F, AF, F2, 0F, AF, D0, 69, F7, 94, 6E, A0, 88, 78, 03, F3, 86, C7, 8D, 0D, CE, AD, 54, 28, 42, 51, 57, 81, FA, 6B, F2, 00, 00, 76, 06, 46, 15, 37, 6E, 9A, 02, 81, F9, E4, 5C, 00, 00, 77, 04, 8B, CE, FF, C9, 09, F7, 69, DD, 47, 54, 95, E0, 88, FF, 8D, 1D, 14, E4, F5, E7, F2, B8, AA, 7E, FF, FF, 69, CF, E5, 5C, BB, E5, 35, 39, 8F, 00, 00, F3, 05, B5, 0F, 00, 00, 0F, AF, C9, FE, CD, 0F, BF, FD, FE, C2, 84, F1, F2, 43, 8A, FD, 2D, 01, 00, 00, 00, 23, D8, FF, CE, 31, CD, 88, C1, EB, 05, BB, 3C, 99, 59, E0...
 

Entropy:
7.8735  (probably packed)

Code size:
63.5 KB (65,024 bytes)

The file unikey-4.2rc4-140823-setup_x32.exe has been seen being distributed by the following URL.
