all_file_to_all_file.exe

Tolaracol

Quality Install (Alpha Criteria Ltd.)

The application all_file_to_all_file.exe, “Tolaracol Setup ” by Quality Install (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.centralvaulttours.com.
Publisher:
Gesuk   (signed by Quality Install (Alpha Criteria Ltd.))

Product:
Tolaracol

Description:
Tolaracol Setup

MD5:
8330bf2476238ed4518b85ae026f55bb

SHA-1:
a7e448fe4dba6b798b068482631e8161ae68460b

SHA-256:
5e2c2e7571fc32c2d857cacf39f909f96e4767407580773d691c57423298ccc5

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/30/2024 3:35:19 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC.Installer (M)
16.7.3.11

File size:
941.2 KB (963,808 bytes)

Product version:
5.7

Copyright:
Stub

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\all_file_to_all_file.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/6/2016 2:14:15 PM

Valid to:
8/4/2016 3:59:05 PM

Subject:
CN=Quality Install (Alpha Criteria Ltd.), O=Quality Install (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121BA484E4C31175E4A844ED055428DEC42

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:L77lXzrOd0KGPeI5MHCHtwysk7A9AIZpulmYmdP1c33SjeP3:L7ZDyqPTKCtZs0A9Al6dP1mSi/

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9335

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file all_file_to_all_file.exe has been seen being distributed by the following URL.

Remove all_file_to_all_file.exe - Powered by Reason Core Security