alcohol52_fe_2.0.2.4713.exe

Alcohol Soft

The application alcohol52_fe_2.0.2.4713.exe by Alcohol Soft has been detected as a potentially unwanted program by 10 anti-malware scanners. It is a setup program used to install the application. It uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been observed being downloaded from mirror3.free-downloads.net and multiple other hosts.
Publisher:
Alcohol Soft  (signed and verified)

MD5:
dec40c29d3c888748a8ee90db0246590

SHA-1:
0c202933f8b2e8352ec52836e0e2b52a755c80be

SHA-256:
22f42184edd0c3a068dbaa55bb418368d270981bcfacb7645233d0aeb6ab0703

Scanner detections:
10 / 68

Status:
Clean  (10 possible false positive detections)

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/23/2024 8:06:39 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | | 7.11.145.120 |
| Bkav FE | W32.Clodcc8.Trojan | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 18178 |
| ESET NOD32 | Win32/InstallCore.BO | 8.9729 |
| IKARUS anti.virus | not-a-virus:Downloader.Win32.LMN | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.176.11896 |
| Kaspersky | not-a-virus:Downloader.Win32.LMN | 14.0.0.3944 |
| NANO AntiVirus | Trojan.Win32.LMN.cwlxoz | 0.28.0.59492 |
| Sophos | Generic PUA AM | 4.98 |
| Vba32 AntiVirus | | 3.12.26.0 |

File size:
676.8 KB (693,064 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/10/2012 9:00:00 AM

Valid to:
10/14/2013 8:59:59 AM

Subject:
CN=Alcohol Soft, OU=Alcohol Soft Development Team, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Alcohol Soft, L=Belfast, S=Antrim, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0EEFAA2A5FC37BE316951AA9F8651331

File PE Metadata
Compilation timestamp:
6/20/1992 7:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:q5/FN+9nIbYET1cnXCQBP76j4w9FptxPpANfGTLjvXe7WoX3uK5z:q59oMBcXCQBP76j4Y/PpApGbvoWrKx

Entry address:
0x13FA50

Entry point:
60, BE, 00, 20, 4A, 00, 8D, BE, 00, F0, F5, FF, C7, 87, 10, 47, 0E, 00, C2, 75, 43, 68, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 

Entropy:
7.8341

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
632 KB (647,168 bytes)

The file alcohol52_fe_2.0.2.4713.exe has been seen being distributed by the following 2 URLs.
