home

www.softwareflashbulk.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
softwareflashbulk.com

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.InstallCore.Installer.Installer (M), PUP.InstallCore.FC (M)
100.00%

McAfee
Artemis!BD5D62FD0D73
33.33%

Malwarebytes
PUP.Optional.InstallCore
33.33%

VIPRE Antivirus
InstallCore
33.33%

K7 AntiVirus
Adware
33.33%

ESET NOD32
Win32/InstallCore.ACZ potentially unwanted (variant)
33.33%

Comodo Security
Application.Win32.FriedCookie.CIRK
33.33%

Dr.Web
Trojan.InstallCore.437
33.33%

Sophos
Install Core Click run software (PUA)
33.33%

G Data
Win32.Application.InstallCore.DI
33.33%

Vba32 AntiVirus
Malware-Cryptor.InstallCore.gen
33.33%

Baidu Antivirus
Adware.Win32.InstallCore
33.33%

Fortinet FortiGate
Riskware/InstallCore
33.33%

The domain www.softwareflashbulk.com has been seen to resolve to the following 10 IP addresses.

52.33.46.229
ec2-52-33-46-229.us-west-2.compute.amazonaws.com
August 18, 2016

52.36.112.186
ec2-52-36-112-186.us-west-2.compute.amazonaws.com
August 18, 2016

54.191.246.249
ec2-54-191-246-249.us-west-2.compute.amazonaws.com
July 21, 2016

54.148.183.210
ec2-54-148-183-210.us-west-2.compute.amazonaws.com
July 21, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
July 21, 2016

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
July 21, 2016

52.41.114.34
ec2-52-41-114-34.us-west-2.compute.amazonaws.com
July 21, 2016

52.38.209.219
ec2-52-38-209-219.us-west-2.compute.amazonaws.com
July 21, 2016

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
July 21, 2016

54.200.224.121
ec2-54-200-224-121.us-west-2.compute.amazonaws.com
July 21, 2016

File downloads found at URLs served by www.softwareflashbulk.com.

1 / 68      (Adware)
http://www.softwareflashbulk.com/c?x=a5Tkj/aCYxLIi4LmqoSraVK4MefrjgslPGnT6AdAQyQ=&c=yH Vl4rhA8N77mxJc Glc7UcboOlGvH1Eel8Tc9xUrLqbWGYzM09wVd78b466RRB1IYjWPAk/hVInEPTwTZQeqZA3/.../test.exe  (icreinstall_c.exe)

1 / 68      (Adware)
http://www.softwareflashbulk.com/.../test.exe  (98b68a1860666ddff8ca80453702e773)

13 / 68    (Adware)
http://www.softwareflashbulk.com/c?x=6Ma99 bqrbiVUhl /V CaPk9UTJB6ONMMkhVcDxVNQs=&c=1uVFAN8XeaPECB2e4rV9q a URzqw0CWkYbedG4M/.../test.exe  (bd5d62fd0d73113474519b0be4fb7c65)

The following 36 files have been seen to comunicate with www.softwareflashbulk.com in live environments.

TCP » 52.38.209.219:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.33.46.229:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.33.46.229:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 52.38.209.219:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.38.209.219:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 54.200.224.121:80
browser.exe (Browser)

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 54.200.224.121:80
kometa.exe (Kometa by @COMPANY_FULLNAME@)

TCP » 52.38.209.219:80
browser.exe (Browser)

TCP » 52.33.46.229:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 54.200.224.121:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.200.224.121:80
ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 54.200.224.121:80
browser.exe (Browser)

TCP » 52.33.46.229:80
Client.exe

TCP » 54.200.224.121:80
kmplayer_3.8.0.123.exe.exe (The KMPlayer by PandoraTV)

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.33.46.229:80
ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 52.33.46.229:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

 
Latest 20 of 77 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.