wininst-9.0-amd64.exe

The executable wininst-9.0-amd64.exe has been detected as malware by 25 anti-virus scanners.
MD5:
a2221166ae8c5fe71a97a00d05f4ec60

SHA-1:
e9026a7b557363ddea6abfbf18e860d0b1b11035

SHA-256:
78dd1139512d51c5ad269856ba454e326a86f2476929eb2b683d526e96399d9f

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
4/19/2024 6:26:03 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Win32.Virtob.Gen.12 | 6486625
Agnitum Outpost | Win32.Virut.AB.Gen | 7.1.1
Avira AntiVirus | W64/Infector.Gen8 | 7.11.206.0
avast! | Win32:Virut-ANS | 150129-1
AVG | Win32/Virut | 2014.0.4253
Baidu Antivirus | Virus.Win32.Virut.$NBP | 4.0.3.15130
Bitdefender | Win32.Virtob.Gen.12 | 1.0.20.150
Bkav FE | W32.Vetor.PE | 1.3.0.6379
Dr.Web | Win32.Virut.56 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Virtob.Gen.12 | 9.0.0.4799
ESET NOD32 | Win32/Virut.NBP virus | 7.0.302.0
Fortinet FortiGate | W32/Virut.CE | 1/30/2015
F-Secure | Win32.Virtob.Gen.12 | 5.13.68
G Data | Win32.Virtob.Gen.12 | 15.1.25
IKARUS anti.virus | Virus.Win32.Virut | t3scan.1.8.6.0
Kaspersky | Virus.Win32.Virut | 15.0.0.543
MicroWorld eScan | Win32.Virtob.Gen.12 | 16.0.0.90
NANO AntiVirus | Virus.Win64.Virut-Gen.bwpxnc | 0.30.0.65070
Norman | Win32.Virtob.Gen.12 | 03.12.2014 13:20:04
Quick Heal | W32.Virut.G | 1.15.14.00
Sophos | Virus 'W32/Scribble-B' | 5.09
Total Defense | Win32/Virut.17408.C!corrupt | 37.0.11411
Trend Micro House Call | PE_VIRUX.GEN2-1 | 7.2.30
Trend Micro | PE_VIRUX.GEN2-1 | 10.465.30
VIPRE Antivirus | Threat.4739697 | 36694

File size:
245.5 KB (251,392 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\ilivid\lib\distutils\command\wininst-9.0-amd64.exe

File PE Metadata
Compilation timestamp:
6/21/2000 3:09:39 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:GQZbO5JCSZT0wwla4G13CmdxLzI9LTB5xnmzw6Vkm1:RbuJcfcXbz0TfxWkm

Entry address:
0x42AE4

Entry point:
83, 3C, 24, FE, 8B, D2, 90, 77, FE, 8D, 64, 24, CC, 60, 8B, D7, 83, EC, DC, 8D, 7F, 99, E8, 49, 00, 00, 00, 24, 87, 00, E0, 4B, 29, CF, 66, 4B, 75, FC, 01, E0, B4, CA, FF, 73, 3C, 59, 81, E9, FD, FF, FF, 7F, E9, 0E, 03, 00, 00, B9, B5, EF, 00, 00, 47, 87, F6, 0F, AF, CA, 30, 4F, FF, 8A, D2, 47, FC, 4E, 28, 77, FE, 87, D1, 4F, 83, E8, F8, 86, D6, 3D, 97, 36, 03, 00, 76, DB, 2C, 00, 4A, F5, C3, 4A, 8B, 2C, 24, 8D, 64, 24, E0, F7, D7, FF, 74, 24, 54, 81, 44, 24, 24, E9, B6, FC, FF, 86, C2, 87, D7, 80, C9, 54...
 

Entropy:
6.7994

Code size:
150 KB (153,600 bytes)
