home

viber.exe

The application viber.exe has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from static.appfindr.org.
MD5:
116f3ba6eb5fc81362a11bbe166e64d0

SHA-1:
f0ee523cbaff111002c9c676f0f70321a70574ea

SHA-256:
d2379c82e51c26e38bdc207de4d6e5a434c358177450bf1664868ab850fd7d2e

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
May bundle various unwanted software without adequate user consent.

Analysis date:
5/19/2026 11:29:59 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

AVG
MultiBundle
2017.0.2805

Dr.Web
Trojan.DownLoader17.11353
9.0.1.074

IKARUS anti.virus
AdWare.MultiBundle
t3scan.1.9.5.0

McAfee
Artemis!116F3BA6EB5F
5600.6461

NANO AntiVirus
Riskware.Nsis.Dloader.dvvnkj
0.30.26.3947

Qihoo 360 Security
HEUR/QVM42.1.Malware.Gen
1.0.0.1015

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.4

File size:
270 KB (276,501 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\viber.exe

File PE Metadata
Compilation timestamp:
8/29/2014 5:10:25 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:v6A/nnnnngAqmosFDv6BtgZHbGYXwj5484rLJ:Dnnnnnymos1G2ZyYXU4fh

Entry address:
0x31E8

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, E0, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, B8, 3C, 42, 00, E8, 23, 25, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 3B, 42, 00, 8D, 44, 24, 38, 50, 53, 68, DB, 73, 40, 00, FF, 15, 58, 71, 40, 00, 68, D0, 73, 40, 00, 68, C0, 33, 42, 00, E8, 15, 24, 00, 00, FF, 15, AC, 70, 40, 00, 50, BF, 00, 90, 42, 00, 57, E8, 03, 24, 00, 00...
 
[+]

Entropy:
7.1732

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file viber.exe has been seen being distributed by the following URL.

http://static.appfindr.org/.../Viber.exe

Remove viber.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.