home

viber+4.exe

Viber

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from viber.downloadable.co.
Product:
Viber

Version:
1.0.0.0

MD5:
7c016620aa0aa85808d1ee625c409bd8

SHA-1:
7b5b243c1adfb5f23c092f346b3b217c5446093c

SHA-256:
7f8a5062b4175e267ac1cb2dd14ef55d7b4bafce3969152d7725a295639c4fb3

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
8/6/2025 11:11:03 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

ESET NOD32
Win32/JoyDownloader.D potentially unwanted application
8.0.319.0

File size:
138.9 KB (142,265 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\viber+4.exe

File PE Metadata
Compilation timestamp:
5/20/2013 4:23:11 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:yZL2cIsDz9zICSuOHM3QEq+EwW/S3MG1U4Q2hMeha+s5Al:YL2cIe5yzR+E5/qMUUd+MeIB5Al

Entry address:
0x333E

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 30, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, BC, 80, 40, 00, 55, FF, 15, AC, 82, 40, 00, 6A, 08, A3, 78, 4F, 43, 00, E8, A8, 2E, 00, 00, A3, C4, 4E, 43, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, F0, B1, 42, 00, FF, 15, 7C, 81, 40, 00, 68, 7C, A3, 40, 00, 68, C0, 3E, 43, 00, E8, 13, 2B, 00, 00, FF, 15, 34, 81, 40, 00, BB, 00, F0, 43, 00, 50, 53, E8, 01, 2B, 00, 00...
 
[+]

Entropy:
7.2355

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file viber+4.exe has been seen being distributed by the following URL.

http://viber.downloadable.co/get_file/wUiS4WnYccXEwj /TeqjC1c0kw48PjymHBD0Y9rTtOh152b0sCgrn8kFbk3iYqn5P3G1yEZTcWmKEfvxR ljlvtyz4WXBAaD/Sz8Hk20snm1maqSvNKbm2RBs9Jp3QEdEzW1AX1/l8k7vXKuSGjASr1fw4TrND0VLuBmPRNMOan9RHh/.../DGOos13dl7xmBZK3Ypb3LDEAjoj4X7U2lF4f6ILvywGqO hnnG sAcVPqoOpSDrjspuCmz4rJLxHT5ZrYCN2ounkFxtghATWjo8RUTzlGFi79ojvig==

Scan viber+4.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.