icreinstall_hamachi-2-2-0-291-32-bits.exe

Installer

Bumpy Apps (Fried Cookie Ltd.)

The installer utilizes InstallCore which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_hamachi-2-2-0-291-32-bits.exe, “Installer Setup ” by Bumpy Apps (Fried Cookie) has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Baixaki  (signed by Bumpy Apps (Fried Cookie Ltd.))

Product:
Installer

Description:
Installer Setup

Version:
1.0.13.30550

MD5:
0f80247d68a347f471d3464d4609ecb3

SHA-1:
8b0d0380c86ffdc7f83a17a7b3a7f4f62b0152aa

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/26/2024 5:36:02 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
7.11.200.132

Baidu Antivirus
Adware.Win32.InstallCore
4.0.3.15112

Comodo Security
Application.Win32.InstallCore.DL
20667

ESET NOD32
Win32/InstallCore.UQ (variant)
9.10994

G Data
Win32.Trojan.Agent.X746EO
15.1.24

McAfee
Artemis!0F80247D68A3
5600.6888

Qihoo 360 Security
Win32/RootKit.Rootkit.7e5
1.0.0.1015

Reason Heuristics
PUP.Installer.installCore
15.3.1.12

Trend Micro House Call
Suspicious_GEN.F47V0103
7.2.12

VIPRE Antivirus
InstallCore
36552

File size:
679.6 KB (695,904 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Local settings\temp\icreinstall_hamachi-2-2-0-291-32-bits.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/10/2014 2:14:20 PM

Valid to:
12/11/2015 2:14:20 PM

Subject:
CN=Bumpy Apps (Fried Cookie Ltd.), O=Bumpy Apps (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121B000FF2DA5043B97A16823C79402FCDC

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:waopbhpAM3XI6da76QikQ7TE5gflVCo5jOptDbBY5IIAwfMC7DCgj/5BsqBDryK6:waoNhn3XNa7HCYgLbItDdYu8MjgL5BpE

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file icreinstall_hamachi-2-2-0-291-32-bits.exe has been seen being distributed by the following 4 URLs.

http://d.likelyaa.com/?ic_user_id=9289&data=BmlLjcUEDfFtP1 r4tWoKoUPBLr3T06Rb7AetMM967sRsDK0OJgDsrtMQiBfedvXdIVv41GXpEFYXzK/mSen/pdaWatP8UWGHCF1osNuCQRDnvB1O1Cp9A2kNRqjMaarJ7S85oe7Nexkslc7T4JEUHatDVSdI/BU2fh8emQvrGzjbXYC1bBGZXw3wtKLI S8HW8YXH3VxyeVJphiA2KNh4 9Fvgia7nmwjBY0tTBqnqmTkUqdFtf6TXUO1GeD9ie48cSqOadhZ3i/XNVeAx8Yg7cZH3ETQdRoPlInQs4xH6 b7l0OpRjOSQ3p2z8xeqVJXEfRq1MCwBfg8armIBHU8glODTH1 No/LWFS76qcKrqsXoDsKx7cptNjpXy0auMPSLR31FFEuigA6k8AoKn5UTL5gE FnEVtqL 3/QsuMK9ELf5gtQpzQRWDmfafF3LdWuMCr7lFwOZ88NJEA csLnbATr6jWejcblAUzYYFVH1xDqIe5da58rBq WiW0VPPJ1AaGHTKeEPoEitAtF3yeC8StR7uVCnvoCvQbu3snbpJbPTX64JbpQMb bmmzIcGiRzoYMVPtQlgs59S0BedjXKzHc5bKpKhI04zup/fOvml/wQtbj MX5g9rsc7umT8L3cYqnaFCHWBxyAPRTUaQ 41mWfL6rvbQWSuRHe5x9zoy4s1cuHJmW2ieH8vsYbJ9Wgz9R7q3K98uZZPDhU8PZteJNlhQiZVD0OCvhHgIvPiAqQCEvKQ4pyNxaEZg==&key=NSn93XaVBYPKjC2ibsITedlTVB09vOP7QftTsr0gyHq0JKbpQ46/zu9s4uTcYS8ijcqweKv2IynsNL3i4BOe9f7G5jPLjEwB7k3rpKJLjGeWc1gBRGQMjer9rZz1Cu0e0 gRAKbp/qU40z0Dd8/.../lsoaSlGwpgKoEiRb6GoaJU98

http://d.likelyaa.com/?ic_user_id=9289&data=HRQPQmfDuhd9Pe6hMhgNbKd/ifSE/HlX6aHkOU/9v56jOLEcdHFoODNSKydoMozaZ7Oaq51D2KpCCZYX8BqtSF9jcx7sEVr/vfiIxUZABPmo6kcEWdNY2apFNG4REA79AeiEAAepo5IkR9MKJESxxnaVALmac30HxI cxotFa2p3HT5uudPLlOc9Fxr2lStuxXTDoiFzbge nKRk6KJR Zo1Cdpg4HMy/4jYF/QqHMjvyExylO2P1XaXB307M6zJj5pKA8pfNH8EJK vB1mAXEXWmLpdvDogXOCqvQJPd/vCG0h8h /0SIkIhATrOWYOinL8KU5x2PXFsBhbDxZ9fMaKZokZqkw2UGI9lyU6pvzowje3wRIq UigcQONvDHA3yZ7Lqb1t6bcX6O1WqrqQbs0SpYjaprGDJ4vezSSdMFAvzfI97L/X4d4xvDVzftCdyzJdsYDu92D9Sw7283h21NREkrCjaXKLpv JGLHghbRJi23HL3VM0TX8SpbiyGZjpyQLdC cgL/mrlL0ACYRFpGrw6OBeHTnTHXnWBVHLzvYlCHZIgtHr/kKp05JMAzN2enADSH9IfAM9Bm5CbDO6UonOubJCr/kLeLml1ZVArbkVkj4OdhN96yG B0R12r4QJQGQcVCYjOMY9TkB/0ba33qJQa6422gYr8CKQ9so8c01bS/EvB5WJkLcExN5wC7RQZMnRxqVIkx4olFJDC5n3YZgfOOKOGtHisEYyb5y3s z6PPrbpCNTJ0UOEPw==&key=rvAaSDb9Ub9kcF8i6Fma xoLW6BpftxOSv211tYsKwl39uQxZclD TnTfegEwicBmy0QOU6BDEy7Pk QcxUoyZ3M5xbe629RDONCOXHmSLYhOchYjhKl0xRD/.../Ld

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)

Remove icreinstall_hamachi-2-2-0-291-32-bits.exe - Powered by Reason Core Security