» wininst-9.0-amd64.exe
Overview
Analysis
File Details

wininst-9.0-amd64.exe

The executable wininst-9.0-amd64.exe has been detected as malware by 8 anti-virus scanners.

File name:

MD5:

558974b4c56014ae77fc3ceddf346ace

SHA-1:

04ed0a8f6d8792b15df3c794a8b036e6620aa9ba

SHA-256:

0807b8f089845d995994a2eabcc64b692b644b3728d9159863cce647ab87a4a7

Scanner detections:

8 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

4/19/2024 11:53:25 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Expiro-DF

160214-1

AVG

Win32/Expiro

2015.0.4522

Dr.Web

Win64.Expiro.108

9.0.1.05190

ESET NOD32

Win64/Expiro.AC virus

7.0.302.0

McAfee

Virus.W64/Expiro.a

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.213.6277.0

Norman

Win64.Expiro.Gen.3

13.02.2016 01:47:07

Sophos

Virus 'W64/Expiro-S'

5.23

File size:

801.5 KB (820,736 bytes)

File type:

Executable application (Win64 EXE)

Common path:

C:\Program Files\autodesk\composite2014\python\lib\distutils\command\wininst-9.0-amd64.exe

File PE Metadata

Compilation timestamp:

1/29/2009 6:57:20 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:qbuJ7fcXbz0TfxnQPhbuKV7vPZ/dNPcNFEs7RFReSVccczaaZZUztom:mu7fc0TJnQluKpvPZVNiN7RjenvZZUS

Entry address:

0xE1E8

Entry point:

90, 55, 48, 89, E5, 56, 48, FF, CE, 57, 41, 54, 41, 55, 41, 56, 41, 57, 48, 81, EC, D0, 00, 00, 00, 48, C7, 85, 70, FF, FF, FF, 00, 00, 00, 00, 48, C7, 45, A8, 0E, 00, 00, 00, 4C, 8B, 55, A8, 49, 83, EA, 0E, 4C, 89, 55, A0, 48, C7, 45, 98, 09, 00, 00, 00, 45, 31, F6, 4C, 8B, 55, A0, 4D, 89, D5, 49, 83, ED, 00, 49, BA, B5, 56, 00, 00, 00, 00, 00, 00, 4C, 89, 95, 40, FF, FF, FF, BE, F7, 93, 56, B5, 4C, 8B, 95, 40, FF, FF, FF, 49, B9, 00, BD, 00, 00, 00, 00, 00, 00, 4D, 89, D6, 4D, 0F, AF, F1, 41, BD, 34, 72... 
[+]

Entropy:

7.3385

Code size:

150 KB (153,600 bytes)

Remove wininst-9.0-amd64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.