codecpack_7117.exe

The application codecpack_7117.exe has been detected as a potentially unwanted program by 21 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from secured.cdnawbwest.us.
MD5:
4f17eaf6a6ad5ca7d3d6cb7c7515fad0

SHA-1:
f5665a7e15b0f89d31d7e81330d3b161330df841

SHA-256:
41319bcf53ef60b51bd297f2b9c3468e6f03c85d148223010690793e2bf0a19e

Scanner detections:
21 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
11/5/2024 3:24:59 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
PUA/InstallMonetizer.Gen
8.3.2.2

AVG
MultiBundle
2017.0.2797

Baidu Antivirus
PUA.Win32.InstallMonetizer
4.0.3.16322

Clam AntiVirus
Win.Adware.Outbrowse-1167
0.98/21511

Dr.Web
Adware.InstallMonetizer.1
9.0.1.082

ESET NOD32
Win32/InstallMonetizer.AW potentially unwanted
10.12497

G Data
Win32.Trojan.Agent.1VL2O5
16.3.25

IKARUS anti.virus
not-a-virus:Downloader.SilentInstall
t3scan.1.9.5.0

K7 AntiVirus
Adware
13.212.17710

Kaspersky
not-a-virus:Downloader.NSIS.SilentInstall
14.0.0.479

Malwarebytes
PUP.Optional.CheckOffer
v2016.03.22.06

McAfee
RDN/Generic PUP.z
5600.6453

NANO AntiVirus
Trojan.Nsis.Downloader.djhpgw
0.30.26.3947

Panda Antivirus
Trj/CI.A
16.03.22.06

Qihoo 360 Security
HEUR/QVM42.1.Malware.Gen
1.0.0.1015

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F]
23.00.65.16320

Sophos
AppMonetizer Installer (PUA)
4.98

SUPERAntiSpyware
Adware.InstallMonetizer/Variant
9250

Vba32 AntiVirus
Downloader.SilentInstall
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
44938

ViRobot
Adware.Installmonetizer.228667[h]
2014.3.20.0

File size:
223.3 KB (228,667 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\codecpack_7117.exe

File PE Metadata
Compilation timestamp:
12/6/2009 5:52:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:rFJ0GTzZW2G/jrp7pJ59E6rTUadigTZyt5q2pd5A8Wwi:LnZWrL17pBxddZybJd5A8S

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.8387

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file codecpack_7117.exe has been seen being distributed by the following URL.

Remove codecpack_7117.exe - Powered by Reason Core Security