xinput13.dll__13432_i1923690962_il1855.exe

sMguPO1k6F

ywvHc7n

The application xinput13.dll__13432_i1923690962_il1855.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from www.balatonserviceless.online.
Publisher:
ywvHc7n

Product:
sMguPO1k6F

Description:
smart install

Version:
178.112.81.136

MD5:
19a68cc0032ff6d804f83c31058848fb

SHA-1:
b512156a4a18f73e3d6c40463ba3b5ccf144afd7

SHA-256:
e2c19b37332413707db140301d5ee48a146d04faab79178047b39f122a89b624

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
5/7/2024 7:02:47 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.InstallMonetizer.ywvHc7n.Installer.Meta (M)

Engine version:
16.6.7.0

File size:
612 KB (626,688 bytes)

Product version:
178.112.81.136

Copyright:
LC 2015

Trademarks:
Pepcyc

Original file name:
build.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\xinput13.dll__13432_i1923690962_il1855.exe

File PE Metadata
Compilation timestamp:
6/6/2016 4:10:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:fFQeOHquCxpjGzMvv4rWd4Fn6/0DcPIOQo:WdfCxAovv4rH6/NIq

Entry address:
0xA7FC

Entry point:
E8, 27, 43, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 4D, 1A, 00, 00, C7, 06, E0, 3B, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, E0, 3B, 42, 00, E9, A3, 1A, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, E0, 3B, 42, 00, E8, 90, 1A, 00, 00, F6...

Entropy:
7.5123

Code size:
136 KB (139,264 bytes)

The file xinput13.dll__13432_i1923690962_il1855.exe has been seen being distributed by the following URL.
