icreinstall_alcohol120_trial_2.0.2.4713.exe

Alcohol Soft

The program is a setup application that uses the installCore installer, which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
Publisher:
Alcohol Soft  (signed and verified)

MD5:
f39a36a0bc2dce938036e7a15c326913

SHA-1:
bf2ec77c2af4f7beae2020aa7f3f2882768f89f1

SHA-256:
d2b00f14ea3737b2435aade4d7f1cd6733a3b8bef40588ab2712e2704f3ebf4e

Scanner detections:
7 / 68

Status:
Clean  (7 possible false positive detections)

Analysis date:
11/14/2024 3:14:40 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | | 7.11.121.86
Bkav FE | W32.Clod3fc.Trojan | 1.3.0.4613
Dr.Web | Adware.InstallCore.72 | 9.0.1.0357
ESET NOD32 | Win32/InstallCore.AX (variant) | 7.9190
F-Prot | W32/InstallCore.V2.gen | v6.4.7.1.166
Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.131221
Vba32 AntiVirus | Adware.InstallCore.gen | 3.12.24.3

File size:
1 MB (1,098,120 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_alcohol120_trial_2.0.2.4713.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/10/2012 1:00:00 AM

Valid to:
10/14/2013 12:59:59 AM

Subject:
CN=Alcohol Soft, OU=Alcohol Soft Development Team, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Alcohol Soft, L=Belfast, S=Antrim, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0EEFAA2A5FC37BE316951AA9F8651331

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:UPjfbWXV6fA93qcUnNSfMniPhPmHbbnnCMSh1fG:U7ZA93ynIMiPhPm7bnCMSLu

Entry address:
0xCA8F0

Entry point:
55, 8B, EC, 83, C4, F0, B8, A8, A2, 40, 00, E8, 9F, DE, FF, FF, 61, 6C, 05, 00, 00, 00, 00, FF, FF, FF, FF, 90, B0, 10, 40, 00, 0A, 06, 53, 74, 72, 69, 6E, 67, BC, 10, 40, 00, 0C, 07, 56, 61, 72, 69, 61, 6E, 74, 8D, 40, 00, 14, 11, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 14, 11, 40, 00, 04, 00, 00, 00, 00, 00, 00, 00, 78, 37, 40, 00, 84, 37, 40, 00, 88, 37, 40, 00, 8C, 37, 40, 00, 80, 37, 40, 00, C8, 34, 40, 00, E4, 34, 40, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
828 KB (847,872 bytes)

The file icreinstall_alcohol120_trial_2.0.2.4713.exe has been seen being distributed by the following 19 URLs.

http://gsf-cf.softonic.com//bf2/ec7/.../file?id_file=22703&channel=WEB&instance=softonic_pl&type=PROGRAM&fdh=no&SD_used=0&Expires=1376448002&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=OE37jvyupFP9TvDULQFBXNfbMJCZNSYuR6reooOFb9fTMHhdFzIuLoGF96q57CXnwvM~wpzQAgRA~O~vATYHimKZZiSpUuYWPdKO4KCiI8AIoH0MZgRmlmQjcds1lJjIM4lSBhL3bH09dR4gNXJG9unmZcpsDjM4Jm1tB7XK9Ug_&filename=Alcohol120_trial_2-0-2-4713.exe

Scan icreinstall_alcohol120_trial_2.0.2.4713.exe - Powered by Reason Core Security