alcohol120_trial_2-0-2-5830.exe

The application alcohol120_trial_2-0-2-5830.exe has been detected as a potentially unwanted program by 12 anti-malware scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from global-shared-files-l3.softonic.com and multiple other hosts. While running, it connects to the Internet address hosted-by.leaseweb.com on port 80 using the HTTP protocol.
MD5:
b90d24b821b9d65b40afc9e6f101f723

SHA-1:
beb16c4780db7cc30760b23fa13322cbb6d77bfd

SHA-256:
c36bb1e3d795e3b641fa04ff16d3ff4f566ea6b1c09ae0674687d142a754f7e2

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/24/2024 4:19:25 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.InstallCore
7.1.1

Bkav FE
W32.Clod886.Trojan
1.3.0.4959

Comodo Security
Application.Win32.InstallCore.~AO
18048

ESET NOD32
Win32/InstallCore.FJ (variant)
8.9639

F-Prot
W32/A-42c63c6c
v6.4.7.1.166

Malwarebytes
v2014.04.05.05

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
23.00.65.14403

SUPERAntiSpyware
10685

Trend Micro House Call
TROJ_GEN.F47V1119
7.2.95

Vba32 AntiVirus
3.12.26.0

VIPRE Antivirus
InstallCore.b
28040

XVirus List
Win32.Detected
2.4.5

File size:
617 KB (631,840 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\alcohol120_trial_2-0-2-5830.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:6yMJfsGHXGBT4Xy2v81bk9//ulNXE5RmT01sv3CNXIhXWxFUfYOG8i5S1FMt6u:6yMJfsGkkC2v+kJ/WNX+G01ZNXtx8YvM

Entry address:
0x98CC

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)

The file alcohol120_trial_2-0-2-5830.exe has been seen being distributed by the following 23 URLs.

http://global-shared-files-l3.softonic.com/beb/16c/.../file?nvb=20131221142059&nva=20131222022159&token=047e9392e5bc14d23054b&id_file=22703&channel=WEB&instance=softonic_es&type=PROGRAM&fdh=no&SD_used=0&filename=Alcohol120_trial_2-0-2-5830.exe

http://global-shared-files-l3.softonic.com/beb/16c/.../file?nvb=20131226150643&nva=20131227030743&token=05bd6eabbb310afc2b9cb&id_file=22703&channel=WEB&instance=softonic_es&type=PROGRAM&fdh=no&SD_used=0&filename=Alcohol120_trial_2-0-2-5830.exe

http://global-shared-files-l3.softonic.com/beb/16c/.../file?nvb=20131201230116&nva=20131202110216&token=0f3e2ec484b8088638dde&id_file=22703&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=0&filename=Alcohol120_trial_2-0-2-5830.exe

http://global-shared-files-l3.softonic.com/beb/16c/.../file?nvb=20140316220217&nva=20140317100317&token=0a1b8cb9f96db1986a7f8&id_file=22703&channel=WEB&instance=softonic_es&type=PROGRAM&fdh=no&SD_used=0&filename=Alcohol120_trial_2-0-2-5830.exe

http://global-shared-files-l3.softonic.com/beb/16c/.../file?nvb=20140217151329&nva=20140218031429&token=00ad5905a45c3d0b04277&id_file=22703&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=0&filename=Alcohol120_trial_2-0-2-5830.exe

http://global-shared-files-l3.softonic.com/beb/16c/.../file?nvb=20140331193552&nva=20140401073652&token=000c7a4d562d41c62acc1&id_file=22703&channel=WEB&instance=softonic_es&type=PROGRAM&fdh=no&SD_used=0&filename=Alcohol120_trial_2-0-2-5830.exe

http://global-shared-files-l3.softonic.com/beb/16c/.../file?nvb=20140120212441&nva=20140121092541&token=0f61b9b4fe6cb4eee66f4&id_file=22703&channel=WEB&instance=softonic_es&type=PROGRAM&fdh=no&SD_used=0&filename=Alcohol120_trial_2-0-2-5830.exe

http://global-shared-files-l3.softonic.com/beb/16c/.../file?nvb=20140309083216&nva=20140309203316&token=01eb683d340395336156c&id_file=22703&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=0&filename=Alcohol120_trial_2-0-2-5830.exe

http://global-shared-files-l3.softonic.com/beb/16c/.../file?nvb=20140606152100&nva=20140607032200&token=06b91a44b6e56a3f94bbf&id_file=22703&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=0&filename=Alcohol120_trial_2-0-2-5830.exe

http://global-shared-files-l3.softonic.com/beb/16c/.../file?nvb=20140406170409&nva=20140407050509&token=09bda2a570fbf6957b510&id_file=22703&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=0&filename=Alcohol120_trial_2-0-2-5830.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-25-117-203.us-west-2.compute.amazonaws.com  (52.25.117.203:80)

TCP (HTTP):
Connects to hosted-by.leaseweb.com  (95.211.162.129:80)

TCP (HTTP):
Connects to ec2-54-229-133-176.eu-west-1.compute.amazonaws.com  (54.229.133.176:80)

TCP (HTTP):
Connects to ec2-54-207-11-184.sa-east-1.compute.amazonaws.com  (54.207.11.184:80)

TCP (HTTP):
Connects to ec2-52-208-40-227.eu-west-1.compute.amazonaws.com  (52.208.40.227:80)

Remove alcohol120_trial_2-0-2-5830.exe - Powered by Reason Core Security