icreinstall_flashplayerpro.exe

Program Software

Mow Digital Ltd.

The installer utilizes InstallCore which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_flashplayerpro.exe, “Program Software Setup ” by Mow Digital has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The installer is marketed through download protals and search ads as the free Adobe Flash Player but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Generic Software prog   (signed by Mow Digital Ltd.)

Product:
Program Software

Description:
Program Software Setup

Version:
1.7.5.7

MD5:
235aa0bdd00a06e46b7cc2f5e1dd42a9

SHA-1:
97eb5d434cbffa3fbe16ced2faabaa06cd22fdc1

SHA-256:
cdbc42e10c9fe63bb439e665b4d41a73797a29c9e726c3ab8f30138e3e39e552

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Utilizes the InstallCore download manager that may bundle various adware-type offers.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/30/2024 9:04:12 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Win32.Generic
17.1.17.23

File size:
945.7 KB (968,424 bytes)

Product version:
5.6

Copyright:
Internet Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_flashplayerpro.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 11:56:15 AM

Valid to:
11/16/2016 1:13:29 PM

Subject:
CN=Mow Digital Ltd., O=Mow Digital Ltd., L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11211B604EAE60789482AF4EF2C27070B7E2

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9319

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)

Remove icreinstall_flashplayerpro.exe - Powered by Reason Core Security