icreinstall_5kplayer.exe

Lom

ConnectorPrompt (Alpha Criteria Ltd.)

The installer uses InstallCore, which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_5kplayer.exe, “Lom Setup” by ConnectorPrompt (Alpha Criteria), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Cesefu   (signed by ConnectorPrompt (Alpha Criteria Ltd.))

Product:
Lom

Description:
Lom Setup

Version:
5.6.1.6

MD5:
7b15e42c3d4392680b50dc16ab871375

SHA-1:
4c726d2f7ca5449e707d7f5e67a9fa94e147d3f0

SHA-256:
8d505b45c7bfc2170787f21abb27412d7b49bc2c34bd9389e189b05b06cdaaea

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/28/2024 1:28:55 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
16.9.19.7

File size:
984.8 KB (1,008,424 bytes)

Product version:
2.7

Copyright:
Program

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_5kplayer.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 7:14:48 AM

Valid to:
9/2/2016 6:24:46 AM

Subject:
CN=ConnectorPrompt (Alpha Criteria Ltd.), O=ConnectorPrompt (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11217E0EDD2E1DDD472DD3F530839DDFB6DF

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:QdgcMpDyxbo+mK9fTlnolhVTy0aZbrtkugux2TrhbICn:Sg/1ybdmK9poVoRyvq2TdbICn

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.9016

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file icreinstall_5kplayer.exe has been seen being distributed by the following 11 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)
