Trojan.Installmonstr

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 3,220
Threat Level: 80 % (High)
Infected Computers: 81,090
First Seen: June 26, 2014
Last Seen: November 17, 2025
OS(es) Affected: Windows

File System Details

Trojan.Installmonstr may create the following file(s):
| # | File Name | MD5 | Detections |
|---|---|---|---|
| 1 | excelviewer_setup.exe | eb53ee79255c2e94b5c31ea5ddcce7c7 | 1,000 |

Analysis Report

General information

Family Name: Trojan.Installmonstr
Signature status: Self Signed

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments This installation was built with Inno Setup.
Company Name
  • Allmyapps
  • Lobanebec
  • Soft company
  • Software company
File Description
  • Allmyapps
  • Description
  • Fastest file downloader
  • Tesabi Setup
File Version
  • 4.2.3.2
  • 4.2.1.2
  • 2.0.0.8
  • 1.5.3.1
  • 1.0.0.0
Internal Name
  • Application downloader
  • GetApplication
  • SfxSetup.exe
Legal Copyright
  • All copyright
  • Copyright
  • Copyright (C) 2011
  • Internet file
Legal Trademarks
  • Trademark A
  • Trademarks
Original Filename SfxSetup.exe
Product Name
  • Allmyapps
  • Product1
  • ProductNames
  • Tesabi
Product Version
  • 4.6
  • 2.3.1
  • 2.2.1.83
  • 2.0.0.8
  • 1.0.0.0

Digital Signatures

| Signer | Root | Status |
|---|---|---|
| Bastion Develop, TOV | COMODO RSA Code Signing CA | Self Signed |
| LLC KOLORIS IT | COMODO RSA Code Signing CA | Self Signed |
| Smart Solyushns Kompani, TOV | COMODO RSA Code Signing CA | Self Signed |
| Velko Smart, TOV | COMODO RSA Code Signing CA | Self Signed |
| ALLMYAPPS | thawte Primary Root CA | Root Not Trusted |

Block Information

Total Blocks: 6,967
Potentially Malicious Blocks: 850
Whitelisted Blocks: 6,116
Unknown Blocks: 1

Similar Families

  • InstallMonstr.B

Files Modified

File Attributes
c:\users\user\appdata\local\temp\7z6fffc428\setup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7z6fffc428\setup.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\is-vr2av.tmp\726906787c7a2bb35ffe6d3605eba9f1eb43a544_0001281680.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsjef75.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsjef76.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsjef76.tmp\dialer.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsjef76.tmp\dialer.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsjef76.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsjef76.tmp\inetc.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsjef76.tmp\newadvsplash.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsjef76.tmp\newadvsplash.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsjef76.tmp\registry.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsjef76.tmp\registry.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsjef76.tmp\splash-screen.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsjef76.tmp\splash-screen.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsjef76.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsjef76.tmp\system.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~df6c69e9172441289b.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\allmyapps\infos.json Generic Write,Read Attributes
c:\users\user\downloads\190814ef71d2648798f4ad51051411581df97a7c_0004797128 Generic Write,Read Attributes
c:\users\user\downloads\a8541bee57c20f690f560ddcaa18a7ccd9011aa0_0004586664 Generic Write,Read Attributes

Registry Modifications

| Key::Value | Data | API Name |
|---|---|---|
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | | RegNtPreCreateKey |
| HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | \??\C:\Users\Yqwusbhc\AppData\Local\Temp\nsjEF76.tmp\newadvsplash.dll | RegNtPreCreateKey |
| HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | \??\C:\Users\Yqwusbhc\AppData\Local\Temp\nsjEF76.tmp\newadvsplash.dll\??\C:\Users\Yqwusbhc\AppData\Local\Temp\nsjEF76.tmp\regi | RegNtPreCreateKey |
| HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 | | RegNtPreCreateKey |

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetUserObjectInformation
  • OpenClipboard
Keyboard Access
  • GetKeyboardState
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Network Winsock2
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • bind
  • closesocket
  • getaddrinfo
  • getsockname
  • setsockopt
  • socket
Network Winhttp
  • WinHttpOpen
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
  • InternetReadFile

Shell Command Execution

"C:\Users\Wfyvwmlp\AppData\Local\Temp\is-VR2AV.tmp\726906787c7a2bb35ffe6d3605eba9f1eb43a544_0001281680.tmp" /SL5="$2013E,1027327,56832,c:\users\user\downloads\726906787c7a2bb35ffe6d3605eba9f1eb43a544_0001281680"
(NULL) C:\Users\Yqwusbhc\AppData\Local\Temp\7z6FFFC428\Setup.exe ama:install:b56354872ad1648e2c0892e5be370699ot
