icreinstall_hamachi-2-2-0-291-32-bits.exe

Installer

Bumpy Apps (Fried Cookie Ltd.)

The installer uses the InstallCore engine, which may bundle about 3-4 offers for various ad-supported toolbars, browser extensions and utilities. The application icreinstall_hamachi-2-2-0-291-32-bits.exe, "Installer Setup" by Bumpy Apps (Fried Cookie Ltd.), has been detected as adware by 10 anti-malware scanners.
Publisher:
Baixaki (signed by Bumpy Apps (Fried Cookie Ltd.))

Product:
Installer

Description:
Installer Setup

Version:
1.0.13.30550

MD5:
0f80247d68a347f471d3464d4609ecb3

SHA-1:
8b0d0380c86ffdc7f83a17a7b3a7f4f62b0152aa

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This "download manager" is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/15/2024 10:25:48 PM UTC

Scan engine: detection (engine version)

Avira AntiVirus: (no detection name listed) (engine 7.11.200.132)
Baidu Antivirus: Adware.Win32.InstallCore (engine 4.0.3.15112)
Comodo Security: Application.Win32.InstallCore.DL (engine 20667)
ESET NOD32: Win32/InstallCore.UQ (variant) (engine 9.10994)
G Data: Win32.Trojan.Agent.X746EO (engine 15.1.24)
McAfee: Artemis!0F80247D68A3 (engine 5600.6888)
Qihoo 360 Security: Win32/RootKit.Rootkit.7e5 (engine 1.0.0.1015)
Reason Heuristics: PUP.Installer.installCore (engine 15.3.1.12)
Trend Micro House Call: Suspicious_GEN.F47V0103 (engine 7.2.12)
VIPRE Antivirus: InstallCore (engine 36552)

File size:
679.6 KB (695,904 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Local settings\temp\icreinstall_hamachi-2-2-0-291-32-bits.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/10/2014 2:14:20 PM

Valid to:
12/11/2015 2:14:20 PM

Subject:
CN=Bumpy Apps (Fried Cookie Ltd.), O=Bumpy Apps (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121B000FF2DA5043B97A16823C79402FCDC

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:waopbhpAM3XI6da76QikQ7TE5gflVCo5jOptDbBY5IIAwfMC7DCgj/5BsqBDryK6:waoNhn3XNa7HCYgLbItDdYu8MjgL5BpE

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file icreinstall_hamachi-2-2-0-291-32-bits.exe has been seen being distributed by the following 4 URLs.


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)

Remove icreinstall_hamachi-2-2-0-291-32-bits.exe - Powered by Reason Core Security