unikey-4.2rc4-140823-setup_x32.exe

UniKey

The executable unikey-4.2rc4-140823-setup_x32.exe, “UniKey Setup”, has been detected as malware by 8 anti-virus scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point obscuring polymorphic file infector, which will create a peer-to-peer botnet and receive URLs of additional files to download. The file has been seen being downloaded from unikey.pro.vn.
Publisher:
UniKey

Product:
UniKey

Description:
UniKey Setup

MD5:
523d7fe02cacd16ee27f110da925595d

SHA-1:
7ff14778209b86fade110a2b222cd6fa2f0bb1e3

SHA-256:
0744e32d0ccf0b4e31df51a345065f692210f39e9e7e300a148901804c624368

Scanner detections:
8 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
7/19/2025 2:54:55 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:SaliCode | 160518-2 |
| AVG | Win32/Sality | 2015.0.4604 |
| Emsisoft Anti-Malware | Win32.Sality | 16.07.18 |
| ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| Microsoft Security Essentials | Threat.Undefined | 1.225.1756.0 |
| Norman | Win32.Sality.3 | 28.05.2016 15:32:18 |

File size:
801.3 KB (820,516 bytes)

Product version:
4.2 RC4

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
1/15/2016 3:22:50 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:bxGp7bIQ3cOslckxOGuBVLj9o6k1vh/BZS0hUX:U1bbkDu/fmDJo

Entry address:
0x113BC

Entry point:
8D, 3D, EF, 80, FD, 30, 8A, F6, 81, FF, 70, E2, 00, 00, 73, 05, 2A, C8, 21, DA, 4E, 52, 51, 3D, 40, A4, 00, 00, 71, 04, 0F, CD, FE, C7, 69, FE, DA, 65, C7, 2A, 53, 68, 4F, A2, 1D, 00, 78, 05, 0F, AF, CE, 8A, C3, E8, 07, 00, 00, 00, 0F, AF, CF, 89, F8, 3B, F9, 86, F5, 09, EA, FF, C0, 68, B1, A2, F4, FF, 74, 03, 0F, AF, C2, 5E, 81, C6, C1, DD, 0B, 00, 03, EE, 0F, BE, F2, 81, ED, 74, 07, 00, 00, 58, 85, FB, 2B, EA, 73, 02, 8B, FF, 0F, 6E, C8, 8D, 35, 0F, 0D, FC, 85, 69, F0, 8E, F1, 68, BF, 0F, C8, 69, F9, 69...
 

Code size:
63.5 KB (65,024 bytes)

The file unikey-4.2rc4-140823-setup_x32.exe has been seen being distributed by the following URL.
