icinstfr.exe

Installation d'Install Creator

Clickteam

This is a setup and installation application. The file has been seen being downloaded from 113.171.224.170 and multiple other hosts.
Publisher:
Clickteam  (signed and verified)

Product:
Installation d'Install Creator

Version:
3, 0, 0, 51

MD5:
addc14d3f481f9535a9e6870f79c4174

SHA-1:
58abc25c3e9b5f620901cd21869b05e2e15c272f

SHA-256:
037a9b7ab13ae85f7abcc08217716d8639e922c58a4a1c1996d46952612229f9

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/23/2024 8:37:13 PM UTC  (today)

Scan engine
Detection
Engine version

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1077

File size:
2.6 MB (2,731,896 bytes)

Product version:
3, 0, 0, 51

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\icinstfr.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
12/8/2014 4:00:00 AM

Valid to:
12/7/2016 3:59:59 AM

Subject:
CN=Clickteam, O=Clickteam, L=Paris, S=Paris, C=FR

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
1E471F7BED57B969BAF0169203B9CF63

File PE Metadata
Compilation timestamp:
3/26/2015 7:53:47 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:ahg623RMml/ZcBQpIULbVjJqOBBkRsiSUJ4wKV2lttH3JM8Z/:Mgz3WEhcSImb5lEsiSUawZltVV

Entry address:
0x25437

Entry point:
E8, 86, 60, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 18, 82, 43, 00, E8, 43, 62, 00, 00, E8, 1F, 02, 00, 00, 0F, B7, F0, 6A, 02, E8, 19, 60, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 07, 1A, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
194 KB (198,656 bytes)

The file icinstfr.exe has been seen being distributed by the following 3 URLs.

http://113.171.224.170/.../icinstfr.exe

http://113.171.224.212/.../icinstfr.exe

Scan icinstfr.exe - Powered by Reason Core Security