» wininst-9.0.exe
Overview
Analysis
File Details

wininst-9.0.exe

The executable wininst-9.0.exe has been detected as malware by 36 anti-virus scanners.

File name:

wininst-9.0.exe

MD5:

da285b7cb7a95a7b494037f1e2e2e8aa

SHA-1:

65cb03ee7f62469b986cc450df203c2852b0c20c

SHA-256:

4d87d68749f6585f2428dd1b7dc30b1b71dfa7c66703cda9a10c5fb8b14ecb8d

Scanner detections:

36 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

4/19/2024 6:23:01 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Win32.Virtob.Gen.12

6505014

Agnitum Outpost

Win32.Virut.AB.Gen

7.1.1

AhnLab V3 Security

Win32/Virut.F

2015.02.01

Avira AntiVirus

W32/Virut.Gen

7.11.30.172

avast!

Win32:Vitro

150129-1

AVG

Win32/Virut

2014.0.4253

Baidu Antivirus

Virus.Win32.Virut.$NBP

4.0.3.1521

Bitdefender

Win32.Virtob.Gen.12

1.0.20.160

Bkav FE

W32.Vetor6B7F

1.3.0.6379

Dr.Web

Win32.Virut.56

9.0.1.05190

Emsisoft Anti-Malware

Win32.Virtob.Gen.12

9.0.0.4799

ESET NOD32

Win32/Virut.NBP virus

7.0.302.0

Fortinet FortiGate

W32/Virut.CE

2/1/2015

F-Prot

W32/Virut.AL!Generic

4.6.5.141

F-Secure

Win32.Virtob.Gen.12

5.13.68

G Data

Win32.Virtob.Gen.12

15.2.25

IKARUS anti.virus

Win32.SuspectCrc

t3scan.1.8.6.0

K7 AntiVirus

Backdoor

13.193.14824

Kaspersky

Virus.Win32.Virut

15.0.0.543

McAfee

W32/Virut.n.gen

5600.6868

Microsoft Security Essentials

Threat.Undefined

1.191.3721.0

MicroWorld eScan

Win32.Virtob.Gen.12

16.0.0.96

NANO AntiVirus

Virus.Win32.Virut.hpeg

0.30.0.65070

Norman

Win32.Virtob.Gen.12

03.12.2014 13:20:04

nProtect

Virus/W32.Virut.Gen

15.01.30.01

Panda Antivirus

W32/Sality.AO

15.02.01.03

Quick Heal

W32.Virut.G

2.15.14.00

Rising Antivirus

PE:Win32.Virut.ec!1608462

23.00.65.15130

Sophos

Virus 'W32/Scribble-B'

5.10

Total Defense

Win32/Virut.17408

37.0.11414

Trend Micro House Call

PE_VIRUX.R

7.2.32

Trend Micro

PE_VIRUX.R

10.465.01

Vba32 AntiVirus

Virus.Virut.14

3.12.26.3

VIPRE Antivirus

Threat.4739697

36694

ViRobot

Win32.Virut.AM[h]

2014.3.20.0

Zillya! Antivirus

Virus.Virut.Win32.1938

2.0.0.2050

File size:

249.5 KB (255,488 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Documents and Settings\{user}\Application data\ilivid\lib\distutils\command\wininst-9.0.exe

File PE Metadata

Compilation timestamp:

4/21/2006 11:33:34 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:2Jw8KYg5zA5GsMYSxSJiN/vGss9kTBf9pAXAtPOYQw/Sn5UmE0DndB4D6S:2035iMhL/vGsbTBl2wOsKFEk

Entry address:

0x44903

Entry point:

83, 3C, 24, FE, 90, 77, FE, 89, FF, 90, 8D, 64, 24, CC, 8B, E4, F8, 60, 83, EC, DC, 87, F7, E8, 62, FF, FF, FF, 4B, 66, 4B, 75, FC, 42, 09, F8, 46, FF, 73, 3C, E9, E5, FD, FF, FF, 8B, 44, 24, FC, 5E, FF, E0, 24, 17, 86, F0, F7, D0, 6A, 01, 8B, FE, 6A, 04, 59, 80, CA, 1B, 58, 8D, 11, AB, 42, 28, DA, 48, F3, AB, C3, 68, 19, 58, AB, 0D, F7, D7, E8, 47, FF, FF, FF, 89, B5, C1, FD, FF, FF, 68, DD, 77, 23, 90, 2D, 4F, 23, A3, A5, 91, E8, 31, FF, FF, FF, 8D, 44, 24, 28, 89, 74, 24, 4C, 96, 6A, 20, 8B, 7C, 24, 4C... 
[+]

Entropy:

7.0773

Code size:

141.5 KB (144,896 bytes)

Remove wininst-9.0.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.