home

downloader_for_alcohol120_fe_2.0.3.7612.exe

Generic

Alcohol Soft

The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from cdn.alcoholsoftfiles.com and multiple other hosts.
Publisher:
Internet Software   (signed by Alcohol Soft)

Product:
Generic

Description:
Generic Setup

Version:
1.3.3.0

MD5:
a001723f23bce59afbf60c75687fb087

SHA-1:
da88308bdaaec3777c7a06b66c891b693630ece2

SHA-256:
797b1afb99b028fa6c8f8c7aac06cd3b39b7461981a8acb332bb4c2126a2f658

Scanner detections:
1 / 68

Status:
Clean  (1 possible false positive detection)

Analysis date:
11/23/2024 10:05:27 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore (M)
16.3.5.14

File size:
723.5 KB (740,888 bytes)

Product version:
2.6.6

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Digital Signature
Signed by:
Alcohol Soft

Authority:
VeriSign, Inc.

Valid from:
12/1/2014 1:00:00 AM

Valid to:
1/31/2016 12:59:59 AM

Subject:
CN=Alcohol Soft, O=Alcohol Soft, L=Belfast, S=Antrim, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3E62118EEBBB1EC81C14C0CC4CAE2192

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:gcCavuZimFLYrzsWvpF6Iw1pfGjtcZOMjUcJMz90OGBxWeT4BBfFIW5fYEUF3u:gcCQuZiHsWxF67UtBMjU+Mz8x7TWfFIo

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file downloader_for_alcohol120_fe_2.0.3.7612.exe has been seen being distributed by the following 10 URLs.

http://cdn.alcoholsoftfiles.com/c?x=8aZ0CyhOplHDMX4/dcWm2mLcGEIsH2Exo5s/aw7wcFE=&c=TV1d3x7YYW6vp7XkvQQ73S/f63fekYu4mt now/w/.../84wTk 1w6KXaqWij2Fq3yB6ZCfnFMOOiArxwp9lT7LFh7xQLB&downloadAs=downloader_for_Alcohol120_FE_2.0.3.7612.exe

http://cdn.alcoholsoftfiles.com/c?x=y03NIA9iJSiLVCBj9NDNbJSICz7tW3C18W6WTh9FQ I=&c=kbvN0SYLpU/dqkbubvzDwwSu2/.../AhJvfSbXIxKOXAizdfovrCuKxuYAK3jxpQqcFaMpe4JIBiTBI145SF0r1o9CpmUt2UR X9x9Z xwLOBavjfB 6CiVN0i&downloadAs=downloader_for_Alcohol120_FE_2.0.3.7612.exe

http://cdn.alcoholsoftfiles.com/c?x=mm2hWWWByPVrh6DjbmAptInyVYaGFAoTd390q64RP5I=&c=pcmWiI7U1TWN0dRl22 7WAWgxc8HonGY5Hb2Ep6u5a/30rLic9mIA1f2IWPjIq4Bks98to1R5tvsDh/.../Na8Q==&downloadAs=downloader_for_Alcohol120_FE_2.0.3.7612.exe

http://cdn.alcoholsoftfiles.com/c?x=Z69tCY/.../2fV3OSZYCQJ1IkUO8lw6WZllfiyQ98nWYb drSbrqvpUFdGQFR4lLOudouPG584daG3eoiHAbQQh&downloadAs=downloader_for_Alcohol120_FE_2.0.3.7612.exe

http://cdn.alcoholsoftfiles.com/c?x=GRrAnVofYMMMKy3bU FsgLdEVjtpNHuz7dhhIAjn664=&c=Sncio6voUDehfcM6jKFF95a4mhn59VueOvZVl/XZDmPayvz6TiXN n2DcXe5Ay7/.../uqI0wWGn01XOT&downloadAs=downloader_for_Alcohol120_FE_2.0.3.7612.exe

http://cdn.alcoholsoftfiles.com/c?x=SNP5dd5fJvoCWs6QC39vebvFdJnWqDATPDzMS6DdVPk=&c=gjw9ybODbH/aUKdd2taWN9PXdS7RpFGlFHydk/O72jytYBIfIRGi5 csiO/Pvg1Cs8oJ42W 30Lx9dkHxHAZFVZn3vq/cvcdCNZeBS/.../9s1jw&downloadAs=downloader_for_Alcohol120_FE_2.0.3.7612.exe

http://cdn.alcoholsoftfiles.com/c?x=4/XHNb3xBogjPQtDB62PlvrwIiZg V92/paUz16XaqY=&c=dBrjQlAtfwUK37Z4/c3lsRBwsRLmW//TkLe4EB9xOn7vLikNoQX9ucpOKovwGEOHLIDHTscqvXuf6MwDwSPgVg==&downloadAs=downloader_for_Alcohol120_FE_2.0.3.7612.exe

http://www.filefacts.com/.../6120?sfadownload=1&psid=176987450

http://www.filefacts.com/.../6120?sfadownload=1&psid=178073249

http://cdn.alcoholsoftfiles.com/c?x=oMdYve79MzdRVToY1UGpOMdLWpj57Cuu/FpFY/2dnvI=&c=rxdK9aQyc824bpFLcstmD1mu21d tdIEPHSwq 5zfQjgRA3BH2Oy20qJ/.../P9Ixvlw==&downloadAs=downloader_for_Alcohol120_FE_2.0.3.7612.exe

Scan downloader_for_alcohol120_fe_2.0.3.7612.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.