adblockplusie-1.6.exe

Adblock Plus IE

Eyeo GmbH

The application adblockplusie-1.6.exe, “Adblock Plus IE Setup” by Eyeo GmbH, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from adblock-plus-for-internet-explorer.softonic.com and multiple other hosts.

Publisher:
Eyeo GmbH  (signed and verified)

Product:
Adblock Plus IE

Description:
Adblock Plus IE Setup

MD5:
83e90785a659ccc2673ed0982cdc1fbf

SHA-1:
8e592cea65dd388a6fe751cc888e35ebcfd8d1d4

SHA-256:
bca0f7d80c60aecbdfb4dd47642d7b235e539e07bd3ec85f73ab95fbefe3c594

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/5/2024 8:19:33 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.CSH (L)

Engine version:
17.1.3.16

File size:
6 MB (6,263,976 bytes)

Product version:
1.6

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\adblockplusie-1.6.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/7/2015 2:00:00 AM

Valid to:
7/7/2018 1:59:59 AM

Subject:
CN=Eyeo GmbH, O=Eyeo GmbH, STREET=Im Klapperhof 7-23, L=Köln, S=Nordrhein-Westfalen, PostalCode=50670, C=DE

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E11CEEA9402B941C46BF4F7A00F87D1D

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file adblockplusie-1.6.exe has been seen being distributed by the following 4 URLs.

https://adblock-plus-for-internet-explorer.softonic.com/.../trmsvRChbxdrflJq3ZIylWt0sI8aa3KPl0C9oyM84N0MfBu0Uc p0awMca3IyQxMJjDjTz6887wab9RHIIOpoB7SgljWDF3JRG6iAxZBecvS37xU7vZ1IgUvrplK5E9QlTOr8KV iOCtqXtD bDtUGc=

https://adblock-plus-for-internet-explorer.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAPNbFIbvPqwG59DNzhKGKPopOS/16MIOzRwqccoV7ljLt3QuyZT q07ovdEE2PXi8rBTWyMTMT/.../cluQ ZLtw8rItZrW16O7VgPS1j7o=

https://update.adblockplus.org/.../adblockplusie.exe

https://downloads.adblockplus.org/adblockplusie-1.6.exe
