{0419bfcb-db7e-45ac-ad92-2d58694d9df4}

InstallShield

Macrovision Corporation

The file {0419bfcb-db7e-45ac-ad92-2d58694d9df4}, “InstallShield (R) Setup Engine” has been detected as malware by 8 anti-virus scanners.
Publisher:
Macrovision Corporation

Product:
InstallShield

Description:
InstallShield (R) Setup Engine

Version:
14.0.162

MD5:
a08f361b32078ec59deb22abd5f83a6d

SHA-1:
f80566d59338ecb1d6c8250b504c63ca719effbd

SHA-256:
fc653c409fdcf453bcd3f1c354f3f42c6d41ae55e4c2b7b4bdf399eccf2555fc

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
11/5/2024 8:26:34 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Win32/Heur | 2016.0.3183 |
| Baidu Antivirus | Trojan.Win32.PEMalform | 4.0.3.1532 |
| Comodo Security | TrojWare.Win32.Kryptik.~NT | 20615 |
| ESET NOD32 | Win32/RiskWare.PEMalform | 9.10971 |
| Fortinet FortiGate | W32/Onlinegames.ASE!tr | 3/2/2015 |
| McAfee | Artemis!A08F361B3207 | 5600.6839 |
| Rising Antivirus | PE:Trojan.Win32.Generic.179A99E0!396007904 | 23.00.65.15228 |
| VIPRE Antivirus | Trojan.Win32.Generic | 36418 |

File size:
1.6 MB (1,646,592 bytes)

Product version:
14.0

Copyright:
Copyright (C) 2007 Macrovision Corporation

Original file name:
iKernel.dll

Language:
English (United States)

File PE Metadata
Compilation timestamp:
4/18/2007 8:06:40 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:4yF3SrUVaX7zyCyHHjDLLhSuZhqVSNlw8XkMgrNGr:4yF3Sr0aiC4vhSOhGSvbxgrAr

Entry address:
0x1906B0

Entry point:
53, 57, 56, 55, E8, 00, 00, 00, 00, 5D, 81, ED, 4C, 13, 38, 00, 8D, B5, 43, 13, 38, 00, 8B, 46, FC, 83, C0, 04, 2B, F0, FC, 8B, DE, 8B, 56, 08, 8B, 76, 1C, 03, F2, 8D, BD, 2F, 1F, 38, 00, AD, AB, AD, AB, AD, AB, AD, AB, 90, 83, 7B, 48, 01, 74, 15, 8B, 73, 44, 85, F6, 74, 0E, B9, 23, 00, 00, 00, 03, F2, 8B, 7B, 40, 03, FA, F3, A4, 8B, F3, 8D, BD, 1B, 1F, 38, 00, 01, 2F, 01, 6F, 04, 01, 6F, 08, 8D, 8D, FF, 1E, 38, 00, 51, E8, 46, 01, 00, 00, 90, 90, 90, 90, 90, 90, 90, 90, 8B, 4E, 2C, 89, 8D, 2B, 1F, 38, 00...

Code size:
932 KB (954,368 bytes)
