wiziinst_v2.8.exe

The executable wiziinst_v2.8.exe has been detected as malware by 10 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from cfile26.uf.tistory.com.
MD5:
eba88f9e6b1d423c9f0da174c0b4a366

SHA-1:
d39f8f618c76b3b4f74ea933771a475a0b38f1e5

SHA-256:
faf25e569b38fa859d9def448bd6f1bf987282199d5f37491c20f870f63eaf35

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
9/24/2018 10:46:09 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Agent.1388554
8.3.2.2

AVG
Generic9_c
2016.0.2941

CMC Antivirus
Trojan-Downloader.Win32.FraudLoad!O
1.1.0.977

G Data
Win32.Trojan.Agent.I73VTL
15.10.25

IKARUS anti.virus
Trojan.Agent
t3scan.1.9.5.0

McAfee Web Gateway
BehavesLike.Win32.BadFile.tc
7.6597

Qihoo 360 Security
Win32/Trojan.d9b
1.0.0.1015

Trend Micro House Call
TROJ_SPNR.15BH15
7.2.303

Trend Micro
TROJ_SPNR.15BH15
10.465.30

VIPRE Antivirus
Trojan.Win32.Generic
44806

File size:
1.3 MB (1,388,554 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\wiziinst_v2.8.exe

File PE Metadata
Compilation timestamp:
12/7/2000 4:37:33 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:APNoNrvyRog4fEXgSsftcwLcjEViQIHfORrxBnFOFcxhjQ1oRT0qB008u2hL:AlotvyIfMgBBLcqgOR9pFbDQ1oZ9B7gl

Entry address:
0x29940

Entry point:
60, BE, 00, B0, 41, 00, 8D, BE, 00, 60, FE, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...
 
[+]

Entropy:
7.9979

Packer / compiler:
UPX 2.90LZMA

Code size:
60 KB (61,440 bytes)

The file wiziinst_v2.8.exe has been seen being distributed by the following URL.

Remove wiziinst_v2.8.exe - Powered by Reason Core Security