» d85f6f53-d9d3-cd2b-8125-5ce8b80c6426_1d1b4cef941622d
Overview
Analysis
File Details
Downloads (1)

d85f6f53-d9d3-cd2b-8125-5ce8b80c6426_1d1b4cef941622d

Program Setup

SecuredDownload

The file d85f6f53-d9d3-cd2b-8125-5ce8b80c6426_1d1b4cef941622d has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from tmpfile6038.s3.amazonaws.com.

File name:

Publisher:

SecuredDownload

Product:

Program Setup

Version:

1.0.5.a0.1_57340

MD5:

5113d4aa90a9c337c25ec31471ddc575

SHA-1:

6ed0cb505ea48fcef3c10b7df53d1afb540ed99e

Scanner detections:

1 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

12/26/2024 5:25:07 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore (L)

16.7.16.22

File size:

925.5 KB (947,704 bytes)

Product version:

1.0.5.a0.1_57340

SecuredDownload

Language:

Language Neutral

Common path:

C:\ProgramData\microsoft\microsoft antimalware\scans\filesstash\d85f6f53-d9d3-cd2b-8125-5ce8b80c6426_1d1b4cef941622d

The file d85f6f53-d9d3-cd2b-8125-5ce8b80c6426_1d1b4cef941622d has been seen being distributed by the following URL.

https://tmpfile6038.s3.amazonaws.com/download77/ic_trackings/36701/.../bluestacks.exe

Remove d85f6f53-d9d3-cd2b-8125-5ce8b80c6426_1d1b4cef941622d - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.