» essay_bibliography_setup.exe
Overview
Analysis
File Details
Downloads (1)

essay_bibliography_setup.exe

Essay Bibliography

Vios Solutions

The application essay_bibliography_setup.exe, “Essay Bibliography Setup ” by Vios Solutions has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.essaysoft.net.

File name:

Publisher:

Essay Writing Software (signed by Vios Solutions)

Product:

Essay Bibliography

Description:

Essay Bibliography Setup

MD5:

15ae00aa88c732219333d8a624610ecc

SHA-1:

126dfeba5f62eab1af5658d9002f7d0240014bd4

SHA-256:

4b30cbcefe72e4b049d3297262bbdf819530b9b1f1653021d5dec1ebd781ca8a

Scanner detections:

2 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

11/30/2024 8:42:08 AM UTC (today)

Scan engine

Detection

Engine version

Quick Heal

(Suspicious) - DNAScan

7.16.14.00

Reason Heuristics

PUP.InstallCore.CSH (L)

16.12.2.7

File size:

312 KB (319,448 bytes)

Product version:

1.0

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\essay_bibliography_setup.exe

Digital Signature

Signed by:

Vios Solutions

Authority:

COMODO CA Limited

Valid from:

1/19/2014 7:00:00 PM

Valid to:

1/20/2015 6:59:59 PM

Subject:

CN=Vios Solutions, O=Vios Solutions, STREET=51 Regent St, L=Eight Mile Plains, S=QLD, PostalCode=4113, C=AU

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

318F5954CCE76A72C69C05A429186E04

File PE Metadata

Compilation timestamp:

6/19/1992 6:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

6144:6/QiQPXJJou/BaYgBpl7+hCnaTxUKsE9ceJRvcj68xhxXqo7V5/q/hAUfc:CQiGXs2clKhC2Iqjzva6WXd55yGMc

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Entropy:

7.8745

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file essay_bibliography_setup.exe has been seen being distributed by the following URL.

http://www.essaysoft.net/.../essay_bibliography_setup.exe

Remove essay_bibliography_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.