exif-reader.exe

dobreprogramy sp. z o.o.

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application exif-reader.exe by dobreprogramy sp. z o.o has been detected as adware by 3 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from download4.dobreprogramy.pl.
Publisher:
dobreprogramy sp. z o.o.  (signed and verified)

MD5:
ac092505b2d062396d4932d2d39b5c0f

SHA-1:
f37e11b301cc956091dd7bba14a0878e49a2a2d1

SHA-256:
3c9d605c396648cf92bde4aa790a674145c2774026a5d7f7037b26135d5a457c

Scanner detections:
3 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/27/2024 12:51:06 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/InstallCore.BY potentially unwanted application
8.0.319.0

Reason Heuristics
PUP.installCore.dobrepro (M)
16.7.26.2

VIPRE Antivirus
Threat.4788237
50750

File size:
648.9 KB (664,472 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\exif-reader.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/6/2013 12:00:00 AM

Valid to:
6/6/2014 11:59:59 PM

Subject:
CN=dobreprogramy sp. z o.o., O=dobreprogramy sp. z o.o., STREET=Al. Jana Kasprowicza 94, L=Wrocław, S=dolnośląskie, PostalCode=51-145, C=PL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EFC6EDE5717968B796D7BFF8BE2536E9

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:A7yMJfsGiW7JnRYOYtoBaRxVfzYk3NFu5L324NpyC+d4Yex1e0TeaBlJiF6:A7yMJfs0tWRcoJPnu5L10AxVeaPJs6

Entry address:
0x98CC

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)

The file exif-reader.exe has been seen being distributed by the following URL.

Remove exif-reader.exe - Powered by Reason Core Security