Has unfortunately not yet been processed!
I did a detailed analysis of the file already mentioned, which prompted me to change my classification.
The file installs the antivirus software “Zemana Antivirus” and uses a modified installer that downloads malware.
File reputation analysis:
The specified version “3.1.495” has an original size of 12.15 MB (12741568 bytes) and is signed by Thawte, Symantec and Digicert. The installer was created with Inno Setup Module 5 SFX - [v. (5.5.7) [5.5.9 Unicode]] >>> VirusTotal
In contrast, the modified version has a size of 13.80 MB (14473489 bytes) and is NOT signed. The installer was created with Smart Install Maker v5.04.
Some suspicious/malicious indicators:
- Compiler: Borland Delphi
- Packer: Inno Setup Module 5 SFX - [v. (5.5.7) [5.5.9 Unicode] - Borland Delphi (6-7 or 2005)
- File has multiple binary anomalies: file ignores DEP, file ignores Code Integrity, ASLR is disabled
- Several of the extracted files contain a suspicious timestamp: "B.EXE.5E40BCE5.bin" claims the program is from Sat Apr 13 17:16:17 2097, "d.exe" claims the program is from Tue Nov 3 11:08:34 2082, "c.exe" claims the program is from Sun Oct 17 08:55:50 2038
- Checksum mismatches the PE header value
- PE file has unusual entropy sections
- Contains zero size sections
- The file contains another file type: Flash, location: overlay, offset: "0x0067A58A"; Flash, location: overlay, offset: "0x009EEA83"; Smart-installer, location: overlay, offset: "0x0002C600"
- The file contains a virtualized section
- The file contains multiple shared sections
- Imports sensitive libraries (MCI API DLL, Cabinet File API)
- Installs itself for autorun at Windows startup
- Contains ability to listen for incoming connections
- Tries to sleep for a long time
- Runs a keylogger
- Attempts to identify installed AV products by installation directory (Avast, Avira, Combofix, Kaspersky, McAfee, Bitdefender, AVG)
- Queries kernel debugger information
- Queries process information
- Queries sensitive IE security settings
- Queries the internet cache settings
- Looks for the Windows Idle Time to determine the uptime
- Reads the active computer name
- Reads the cryptographic machine GUID
- Reads the registry for installed applications
- Reads terminal service related keys
- Changes read-write memory protection to read-execute
- Creates guarded memory sections
- Writes data to a remote process ("C:\Windows\System32\findstr.exe" and "C:\Windows\Wget\bin\wget.exe")
- Disables Windows Task Manager
- Modifies boot configuration settings (command: bcdedit /set "{current}" safeboot "minimal")
- Modifies Software Policy Settings
- Modifies proxy settings
- Uses "C:\Windows\Wget\bin\wget.exe" to download additional malware from a host known to be malicious >>> (VirusTotal)
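Three of the static indicators in the post (a build timestamp decades in the future, DEP and ASLR not opted in, and a stored PE checksum that does not match the file) can be reproduced from the PE headers alone without a sandbox. The following Python is an added example, not part of the post or of any sandbox product: it reads the COFF/optional header with the standard library only, recomputes the checksum with the same word-sum algorithm the Windows imagehlp CheckSumMappedFile API uses, and runs the checks against a constructed, headers-only sample file (the function and field names, and the sample itself, are this example's own; the sample is not the installer discussed above).

```python
import struct
import calendar

# IMAGE_DLLCHARACTERISTICS flags from the PE/COFF specification
DYNAMIC_BASE = 0x0040   # ASLR opt-in
NX_COMPAT = 0x0100      # DEP opt-in


def parse_pe_headers(data: bytes) -> dict:
    """Read the few COFF/optional-header fields the checks below need."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, _nsec, timestamp, _, _, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 72:
        raise ValueError("optional header too short")
    # CheckSum (offset 64) and DllCharacteristics (offset 70) sit at the same
    # optional-header offsets for both PE32 and PE32+.
    checksum_offset = opt + 64
    return {
        "machine": machine,
        "timestamp": timestamp,
        "checksum_offset": checksum_offset,
        "checksum": struct.unpack_from("<I", data, checksum_offset)[0],
        "dll_characteristics": struct.unpack_from("<H", data, opt + 70)[0],
    }


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """Recompute the PE checksum: a folded 32-bit word sum over the whole file,
    skipping the CheckSum field itself, plus the file length. Assumes the
    CheckSum field is 4-byte aligned, which holds when e_lfanew is aligned
    as the Windows loader expects."""
    padded = data + b"\0" * (-len(data) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off == checksum_offset:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        if total > 0xFFFFFFFF:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    total &= 0xFFFF
    return total + len(data)


def analyze_pe(data: bytes, now: int) -> dict:
    """Flag the header-level anomalies listed in the sandbox summary above."""
    hdr = parse_pe_headers(data)
    computed = pe_checksum(data, hdr["checksum_offset"])
    flags = hdr["dll_characteristics"]
    return {
        "timestamp": hdr["timestamp"],
        "timestamp_in_future": hdr["timestamp"] > now,
        "dep": bool(flags & NX_COMPAT),
        "aslr": bool(flags & DYNAMIC_BASE),
        "checksum_stored": hdr["checksum"],
        "checksum_computed": computed,
        # A zero stored checksum means "not set"; only a set, wrong value counts.
        "checksum_mismatch": hdr["checksum"] != 0 and hdr["checksum"] != computed,
    }


def build_sample(timestamp: int, dll_characteristics: int, checksum: int) -> bytes:
    """Constructed, minimal headers-only PE32 image (no sections) for testing."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, timestamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)              # PE32 magic
    struct.pack_into("<I", opt, 64, checksum)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return dos + b"PE\0\0" + coff + bytes(opt) + b"\0" * 16   # small overlay


if __name__ == "__main__":
    now = 1_600_000_000
    # Constructed sample: 2097 build timestamp, no DEP/ASLR opt-in, bad checksum
    ts = calendar.timegm((2097, 4, 13, 17, 16, 17, 0, 0, 0))
    report = analyze_pe(build_sample(ts, 0, 0x1234), now)
    for key, value in report.items():
        print(f"{key}: {value}")
```

A future timestamp or a checksum mismatch is only a hint, not proof: timestamps are trivially forged in both directions, and many legitimate non-driver executables ship with a zero checksum, which is why the code treats zero as "not set" rather than as a mismatch. The missing DEP/ASLR opt-ins are more telling for a 2010s installer, since mainstream toolchains set both by default.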