Gridinsoft Logo
File Icon

InstallWizard101.exe Malware Gen Analysis

Updated 15 days ago
Checked by Malaware Check
InstallWizard101.exe

Technical Analysis

File Name InstallWizard101.exe
File Type
PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version 1.0.217.174
Database Version 2025-05-23 05:00:15 UTC

Malware.Win32.Gen.tr

Malware family: Gen

This is a generic detection identifier for files exhibiting Trojan horse characteristics. It indicates malware that disguises itself as legitimate software while containing malicious code designed to compromise system security or steal information.
N/A
Detection Rate
27,255,216
File Size (bytes)
2025-05-23
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
2ec7ca56b024233004ef3f59f287a3cd
SHA1
629b419b966f043ebde271ad9ce9fd0a9ccc0cec
SHA256
6b57197633273a41a53c14121504f89f1134bb1ca30166f4eefa3808bfbf75e2
SHA512
c5a7e97a5e2c7537b6d55c1f1cf4f970986850562e727f73d34d7c25decda0689abda6ef5072a9ad0eb98b777bb844f8427a345fbd6df8811a71443cf85c40cc
ImpHash
5fca7f0fc8c16d55fed0e805fc0ad295

PE Analysis

Basic Information

Icon
Hash: 4feb39e50f7cbc1d33b41bfd90c27555
Fuzzy: 0db42d26e652558e502ea45bf9d8d11c
dHash: f0ec38cdc4c4cad8
Image Base 0x00400000
Entry Point 0x00421ee4
Compilation Time 2008-05-10 03:39:06
Checksum 0x01a077cb (Actual: 0x01a077cb)
OS Version 4.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
Digital Signature OK
Imports 11 libraries
Exports 0 functions
Resources 13 Resources
Sections 4 Sections

Version Information

CompanyName Acresso Software Inc.
FileDescription Setup.exe
FileVersion 15.0.498
InternalName Setup
OriginalFilename Setup.exe
LegalCopyright Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.
ProductName InstallShield
ProductVersion 15.0
Internal Build Number 77018
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 290,898 bytes 294,912 bytes 6.56 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 7022E6BA32086C160B95A6DAF2ACBBCC
.rdata 0x00049000 40,344 bytes 40,960 bytes 4.60 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 55E03D7107B091921C34968EC1868647
.data 0x00053000 29,292 bytes 24,576 bytes 3.08 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 9DD3955A12E89147999B93D08844B4FC
.rsrc 0x0005b000 96,064 bytes 98,304 bytes 7.62 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4E933CBC03539A8B68F136AEDAEF5D06
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 13 (95,300 bytes)
Resource Type Count Total Size Percentage
RT_ICON 9 92,788 bytes
97.4%
RT_DIALOG 1 66 bytes
0.1%
RT_GROUP_ICON 1 132 bytes
0.1%
RT_VERSION 1 904 bytes
0.9%
RT_MANIFEST 1 1,410 bytes
1.5%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

OK

Malware.Win32.Gen.tr Removal

Gridinsoft has the capability to identify and eliminate Malware.Win32.Gen.tr without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware