viewer.exe

Advanced Installer

Caphyon SRL

The executable viewer.exe (“File that launches another file”) has been detected as malware by 12 anti-virus scanners. It is a setup and installation application and has been known to bundle potentially unwanted software.
Publisher:
Caphyon LTD  (signed by Caphyon SRL)

Product:
Advanced Installer

Description:
File that launches another file

Version:
11.0.0.0

MD5:
cf343dee760e03c3611230ef9c5622e0

SHA-1:
6eaa47db699977223e8da710bc20715952af9eb6

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
4/18/2024 12:26:13 PM UTC

Scan engine                     Detection               Engine version
avast!                          Win32:Parite            160214-1
AVG                             Win32/Parite            2015.0.4522
Dr.Web                          Win32.Parite.1          9.0.1.05190
Emsisoft Anti-Malware           Win32.Parite            10.0.0.5366
ESET NOD32                      Win32/Parite.A virus    7.0.302.0
F-Prot                          W32/Parite.A            4.6.5.141
F-Secure                        Win32.Parite.A          5.15.21
Kaspersky                       Virus.Win32.Parite      15.0.0.562
Microsoft Security Essentials   Threat.Undefined        1.213.6218.0
Norman                          Win32.Parite.A          03.02.2016 10:30:35
Sophos                          Virus 'W32/Parite-A'    5.23
VIPRE Antivirus                 Threat.46248            46962

File size:
184.8 KB (189,188 bytes)

Product version:
11.0.0.0

Copyright:
(c) Caphyon LTD. All rights reserved.

Original file name:
viewer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\viewer.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
1/29/2013 4:00:00 PM

Valid to:
1/30/2015 3:59:59 PM

Subject:
CN=Caphyon SRL, OU=SECURE APPLICATION DEVELOPMENT, O=Caphyon SRL, L=Craiova, S=Dolj, C=RO

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5AB535B2749E242E6D6BCDE3142D2831

File PE Metadata
Compilation timestamp:
3/13/2014 5:33:39 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:tah4E6eg/ZyWU7yP+X2cZhHHEu7RowO6dOgLtKjuJJCwz9OO0le0rQalkEvnlyF7:nN/ZyWU+P+mknh7RPQ6tKK0wEXzQhEPS

Entry address:
0x6000

Entry point:
68, E1, CD, 06, 00, 58, BA, 1E, 60, 40, 00, BF, C4, 06, 00, 00, FF, 34, 3A, 31, 04, 24, 8F, 04, 3A, 83, EF, 02, 83, EF, 02, 75, EF, 90, 09, B0, 07, 00, E1, CD, 06, 00, E1, CD, 46, 00, 5F, D9, 06, 00, 79, E7, 06, 00, E5, FE, 06, 00, E1, 7D, 04, 00, E0, CD, 06, 00, E1, ED, 46, 00, BF, EC, 46, 00, 8D, EC, 46, 00, FD, C6, 06, 00, BD, EC, 06, 00, 8B, EC, 06, 00, E1, C7, 06, 00, BD, EC, 06, 00, 8B, EC, 06, 00, E1, CD, 06, 00, E1, CD, 06, 00, E1, CD, 06, 00, E1, CD, 06, 00, E1, CD, 06, 00, E1, CD, 06, 00, E1, CD...
 

Entropy:
7.9133  (probably packed)

Code size:
1.5 KB (1,536 bytes)
