icreinstall_baixaki_zero-ballistics.exe

web

No Zebra Network Ltda.

The installer utilizes InstallCore which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_baixaki_zero-ballistics.exe, “web Setup ” by No Zebra Networka has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address os.solvefile.com on port 80 using the HTTP protocol.
Publisher:
No Zebra Network Ltda.  (signed and verified)

Product:
web

Description:
web Setup

Version:
1.0.3.0

MD5:
716e98c5292c940bb4a4c5da63aab511

SHA-1:
79128b9f28c749ceb3a9d3e939ed70c1460b7588

SHA-256:
d0f1e393bab7a121a6c21ed34f37a61199e6be9347857ab476ca1a7403753bc8

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Utilizes the InstallCore download manager that may bundle various adware-type offers.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/24/2024 5:19:47 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore (M)
17.3.16.9

File size:
1.8 MB (1,835,384 bytes)

Product version:
2.5

Copyright:
Prog Software web

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_baixaki_zero-ballistics.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/14/2016 5:42:36 PM

Valid to:
6/11/2017 12:34:11 PM

Subject:
CN=No Zebra Network Ltda., O=No Zebra Network Ltda., L=Curitiba, C=BR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11218A29043D97A4BC57F62FED8B90559582

File PE Metadata
Compilation timestamp:
10/9/2012 5:48:22 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xF3BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 64, ED, 40, 00, E8, E8, 71, FF, FF, 33, C0, 55, 68, 89, FA, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 45, FA, 40, 00, 64, FF, 32, 64, 89, 22, A1, 48, 3B, 41, 00, E8, BE, F7, FF, FF, E8, 65, F3, FF, FF, 8D, 55, EC, 33, C0, E8, F7, C3, FF, FF, 8B, 55, EC, B8, 4C, 66, 41, 00, E8, 6A, 58, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 4C, 66, 41, 00, B2, 01...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
59 KB (60,416 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdneu.webfilescdn.com  (65.254.40.36:80)

Remove icreinstall_baixaki_zero-ballistics.exe - Powered by Reason Core Security