core10k.exe

The application core10k.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. This is a setup program which is used to install the application. It runs as a scheduled task under the Windows Task Scheduler. Additionally, the file is typically installed by a number of programs including StuffIt 2010 by Smith Micro Software Inc. and Wondershare 1-Click PC Care (Version 7.5.0) by Wondershare Software. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
d581068e84510083ddea45e821ebde36

SHA-1:
beebba90686dafbd91dbb17ab37a9442ea9c5521

SHA-256:
fa04f7f08277b74677628a224a096d4b9fe4cafb7eff9f9d92e2ad776085959d

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 2:09:33 AM UTC

Scan engine                     Detection                    Engine version
AVG                             Win32/Zbot.G                 2015.0.3260
Bkav FE                         W32.Clod901.Trojan           1.3.0.4923
Dr.Web                          Win32.Siggen.7               9.0.1.0349
Emsisoft Anti-Malware           Riskware.Win32.Keygen        10.0.0.5366
K7 AntiVirus                    Virus                        13.185.14098
Malwarebytes                    PUP.Keygen.Intro             v2013.12.26.10
Microsoft Security Essentials   Threat.Undefined             1.189.509.0
nProtect                        Virus/W32.SpyEye             14.11.21.01
Panda Antivirus                 W32/Cosmu.C                  14.12.15.12
Reason Heuristics               Threat.Win.Reputation.IMP    14.12.14.23
VIPRE Antivirus                 Threat.4732184               35010

File size:
134.5 KB (137,728 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\mediaget\coreldraw.graphics.suite.x6.4.v16.4.0.1280.www.mundomanuales.com\coreldraw.graphics.suite.x6.4.v16.4.0.1280.www.mundomanuales.com\core10k.exe

File PE Metadata
Compilation timestamp:
10/5/2001 12:36:39 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:quH/RGfpO7StR997TALihAOJiKVa6vs86Vn:LfwpCkxDa609n

Entry address:
0xD150C0

Entry point:
60, BE, 00, 50, 0F, 01, 8D, BE, 00, C0, 30, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 19, 8B, 1E, 83, EE, FC, 11, DB, 72, 10, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 78, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11...
 

Code size:
132 KB (135,168 bytes)

Scheduled Task
Task name:
{266901F8-DF41-4E90-9A0B-B61538498A57}

Trigger:
Registration (Runs on registration)


The file core10k.exe has been discovered within the following programs.

StuffIt 2010  by Smith Micro Software Inc.
Publisher's description - “StuffIt incorporates the functionality of StuffIt Expander, DropStuff, DropZip, and DropTar into one convenient program. Create and access email attachments and downloads, protect data, transfer files.”
www.SmithMicro.com
About 1% of users remove it
Wondershare 1-Click PC Care  by Wondershare Software
Publisher's description - “Wondershare 1-Click PC Care, a powerful PC tune up utility to tune up your PC and let your PC run like new again.”
www.wondershare.com/pc-tuning
49% remove it
 

The file core10k.exe has been seen being distributed by the following 9 URLs.

http://s7074.chomikuj.pl/File.aspx?e=v8PiaLrifVWz1yxXyZOYN1C8h6381R3qD5HUzPTuUVpg0-2LRcJxsOtUJ4iCXuL_nu_3J38Hs5nKtCk57QdaQuyrJoKVXFIrAYrqG_4Qt_mU8T2ORuRrEq4bWBYWc57J&pv=2

http://s10611.chomikuj.pl/File.aspx?e=weNJP89NeV0Blf5bFiPcPIvBsxZkZXdnoF81uox5fi9F1Z3r9etDEIHX4IVhhjK7QwvtwoC5WDeCBIs8S5G-W8vis-L6gn-q5kMYHaao3X3LV2fHkn6BZq2nz4g6XOQSZ9fzqukvycHp6Ch2TlZPqw&pv=2

https://onedrive.live.com/.../rEgHNswYd6sTMuI=4&ithint=.exe

about:internet
