{a200b85c-f400-4ae7-a7c3-3856bf591dc2}

Click run software

The file {a200b85c-f400-4ae7-a7c3-3856bf591dc2} by Click run software has been detected as adware by 17 anti-malware scanners. It uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been seen downloaded from download.mediaplayerlite.net.
Publisher:
Click run software  (signed and verified)

MD5:
1250e675dd808f19a026833c96f756ee

SHA-1:
a00760a954bb417ac217754de90551401cae257b

SHA-256:
1c5ebdab448eab45bd7c4f6df3f02c61cbf4fb6001442e58603025e635b33d97

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/24/2024 7:28:45 PM UTC  (today)

Scan engine | Detection | Engine version
Avira AntiVirus | APPL/Downloader.Gen6 | 7.11.125.190
Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.141115
Bkav FE | W32.HfsAutoA | 1.3.0.4923
Clam AntiVirus | W32.Adware.InstallCore-1 | 0.98/18155
Comodo Security | Application.Win32.ClickRun.A | 17639
Dr.Web | Adware.InstallCore | 9.0.1.0319
ESET NOD32 | Win32/InstallCore (variant) | 8.9309
F-Prot | W32/InstallCore.C.gen | v6.4.7.1.166
K7 AntiVirus | Unwanted-Program | 13.175.10881
Malwarebytes | PUP.Adware.InstallCore | v2014.11.15.12
Panda Antivirus | Adware/MultiToolbar | 14.11.15.12
Reason Heuristics | PUP.Clickrunsoftware.g | 14.11.15.12
Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.141113
Trend Micro House Call | TROJ_GEN.R0CBH0AJB13 | 7.2.319
Vba32 AntiVirus | Malware-Cryptor.InstallCore.1 | 3.12.24.3
VIPRE Antivirus | Click run software | 25576

File size:
1012.3 KB (1,036,560 bytes)

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/18/2012 8:00:00 PM

Valid to:
4/19/2013 7:59:59 PM

Subject:
CN=Click run software, O=Click run software, STREET=63 Rotshylid Shderot, L=Tel-Aviv, S=NA, PostalCode=65785, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A243E49C0DAF69F7C5ACF083EB184161

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:CPuGY6wh/4dBtCoP/UzcWEhv0/RQe8iv014KIbMpW1z51x5g5Vc4e4szDSA0382v:1GYVpoPccWavuRM14xf1Iho62HxCN9

Entry address:
0xC1E1E

Entry point:
55, 8B, EC, 83, C4, F0, B8, DC, D5, 47, 00, E8, 5A, DA, FF, FF, 17, 12, 33, 79, 3A, EB, AD, 75, 4B, EB, 91, 37, BD, 19, A0, 61, BE, 3C, D3, B6, 64, D8, 10, 5A, 55, C7, 48, 14, 92, 4C, A8, F5, 1F, 81, CB, FB, 93, 75, 12, 86, E9, 56, 97, C5, 13, 84, 69, 7A, 1A, 78, E8, 9B, E2, B4, 8C, CA, D8, 4C, 6A, AB, 0D, B3, 30, 79, 95, D2, 7D, 79, 3E, 9F, CA, 24, CD, B2, 45, 2B, 76, 95, 4F, 9F, 30, CA, 8D, F7, 13, C6, B4, AB, 03, 54, 78, 9F, 20, 28, 51, AE, E9, 96, 01, EC, 01, AD, 03, 86, ED, 2D, 4F, 51, 63, 16, 29, 6A...
 

Entropy:
6.9945

Developed / compiled with:
Microsoft Visual C++

Code size:
787 KB (805,888 bytes)

The file {a200b85c-f400-4ae7-a7c3-3856bf591dc2} has been seen being distributed by the following URL.
