icreinstall_cheat-engine-6-2-en-win-setup.exe

The installer uses InstallCore, which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_cheat-engine-6-2-en-win-setup.exe has been detected as adware by 20 anti-malware scanners. The program is a setup application built on the InstallCore installer; however, the file is not signed with an Authenticode signature from a trusted source.
MD5:
2544e376bbd36a5e3ccbf6be0432d6c6

SHA-1:
d082d8e59de2f2ecf43d04e6028773d0e71aaa5f

SHA-256:
d8f0c0bd77409a60029f4f4142f8cf7dea91ca60189402687ce8e6ef29c98281

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/23/2024 9:58:31 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | | 7.11.122.176 |
| AVG | InstallC | 2015.0.3423 |
| Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.1474 |
| Bkav FE | W32.Clodb40.Trojan | 1.3.0.4562 |
| Comodo Security | ApplicUnwnt | 17520 |
| Dr.Web | Trojan.Packed.24524 | 9.0.1.0185 |
| ESET NOD32 | Win32/InstallCore.BK.Gen potentially unwanted application | 8.7.0.302.0 |
| Fortinet FortiGate | W32/InstallCore_BK.gen | 7/4/2014 |
| F-Prot | W32/InstallCore.R.gen | v6.4.6.5.141 |
| IKARUS anti.virus | PUA.MediaIngea | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.174.10656 |
| Malwarebytes | | v2014.07.04.03 |
| McAfee | Artemis!EBE71C60DD6C | 5600.7079 |
| Norman | Kryptik.CDMO | 11.20140704 |
| Reason Heuristics | PUP.InstallCore.Installer.j | 14.7.4.15 |
| Rising Antivirus | PE:PUA.XPACK-LNR!1.5594 | 23.00.65.14702 |
| Sophos | InstallCore ToDownload | 4.95 |
| Trend Micro House Call | TROJ_GEN.F47V1208 | 7.2.185 |
| Vba32 AntiVirus | | 3.12.24.3 |
| VIPRE Antivirus | InstallCore.b | 23870 |

File size:
602.2 KB (616,648 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_cheat-engine-6-2-en-win-setup.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:QUgMJfsGFoLVqBd1tVCGzU05NtAoDOZ00QR69g/OEVWHL8s:wMJfs+eVY1TyTTG4H

Entry address:
0x98CC

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8...
 

Entropy:
7.8243

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)

The file icreinstall_cheat-engine-6-2-en-win-setup.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com (207.189.109.121:80)

TCP (HTTP):
Connects to cdneu.webfilescdn.com (65.254.40.36:80)