icreinstall_abcc-free-youtube-flv-video-download-converter-3-0-32-bits.exe

DD Platforms

The installer utilizes InstallCore which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_abcc-free-youtube-flv-video-download-converter-3-0-32-bits.exe by DD Platforms has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d.baixakifiles2.com. While running, it connects to the Internet address os.solvefile.com on port 80 using the HTTP protocol.
Publisher:
DD Platforms  (signed and verified)

MD5:
812a7b929c200fdef2d180d9a82e6dfb

SHA-1:
0981d313584ce632a751c0292a39c8550728f2b7

SHA-256:
676eeb438b263707bd56cb53631908395491525a1a7a4639b804743788c08633

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Utilizes the InstallCore download manager that may bundle various adware-type offers.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/26/2024 12:51:46 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore (M)
16.11.10.5

File size:
674.4 KB (690,568 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_abcc-free-youtube-flv-video-download-converter-3-0-32-bits.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/28/2014 10:00:00 PM

Valid to:
1/29/2015 9:59:59 PM

Subject:
CN=DD Platforms, O=DD Platforms, STREET=Lilinblum 28, L=Tel Aviv, S=Israel, PostalCode=6513307, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F676B1AA996F644DD025A74F59353EA5

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:Na4NFaRcPl/5UELPBL9Jf7mBZZEzMxCnrEJCs8z31SLtPiMtHhG6Kjs:N9FgW/jBL9pLAxCwJx8jY/t0Tjs

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file icreinstall_abcc-free-youtube-flv-video-download-converter-3-0-32-bits.exe has been seen being distributed by the following URL.

http://d.baixakifiles2.com/?ic_user_id=254&data=bZhDDUyJLUHyCstx/eMSUm0CHRmxk1gl02GdkTOh/dZ5pK1vpzXSh5qlq7eThavi8bw0df0LsvyFovhwfV1jNhjeOUqpRfrtModgl/uG1BLjN 1BV2m9e6qWAblgM6dsGfsJpqpusQ0Jz5aFZQJzytbcq3FaLcyOoZkSfHeIIPdr6pcSPYuhqgDY3cTADg17VDvNaesU2GSfmE2yhN/3OQcYV3bTntI0O98dyepBxH61Cr72O3UKnhr2MnYRL6qM1Hkjl/SaB8Uqskkk6GIsrQetjJ4VquH30pcJAxUHhDQQ W0GeuQQyTQ2aiqu4t/g33ZNxeHeSkhxrlS FhgH2ebw2emYGYkTWlpoIyHoQifaLpJkY//oMWwkh/Cdg1a9ERw2DLYSx9btanbnrBlKsq4yBE5bCBE3WlaVsN3J6lcHIkblSKbUOlsZZY2L7QVHHtfcm2K2/JcKl0BO/0FgFvpWIkE8ncLj9XYrHAGvYfEggu94M0ejsUVad7BDiJob6A/LWr9xNh9kV3KtpDN1JO1x1XtpbMKF9kESjXIdMDTpRI6j2D/Y5AjWWV 1Zx dxoraQldLus2NH1kWqVeVVRqg4WlRnVE4S53AYgUgdtOU3Fu4qqIoMO7yp OiHpzCllSpGtMqCAi/ZUCTU5bo3m/q4c9bJWCWclrTaf1Okr3g93XUuqFCqBobZZ97XecABpVsG8gQbCMZkbek7t//nZvq8DH 4K5SiO2seK9ubekQxSZN3kD1mi0/ Ruon21QyxjiasVCmwOJNMhOwvGQM5MvUYnTXqBBxw/xEi16F8ix75I25JUQxpmLpF9ZGXK&key=WscckCLV3o1UJ7pbIi5dIOQze7PE47o1VJpoouYNv0rlZd1HKpUsFTY8967ODO6Yc71D8RcPAnAopNER/.../2dhxJsyzWapAGjkcwTe22RnLR2

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdneu.webfilescdn.com  (65.254.40.36:80)