icreinstall_install-openoffice-2.exe

App program

Ideas Saas Solutions

The installer utilizes InstallCore which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_install-openoffice-2.exe, “App program Setup ” by Ideas Saas Solutions has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. With this installer, users are expecting to download the free Apache OpenOffice but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
nuevos-programas.com  (signed by Ideas Saas Solutions)

Product:
App program

Description:
App program Setup

Version:
1.0.5.a0.1_33588

MD5:
8808818a35d7f6e5faf50124329d487e

SHA-1:
89a9dee4d78b7966f10bc6309b72b51495a6bade

SHA-256:
f57e195b7b3372c0e6a3062d8b63edaf73cd29a4eb4ac60659e1309972793644

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Utilizes the InstallCore download manager that may bundle various adware-type offers.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/26/2024 6:06:42 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore (M)
16.12.18.9

File size:
706 KB (722,928 bytes)

Product version:
3.2

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_install-openoffice-2.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
1/9/2015 1:00:00 AM

Valid to:
1/10/2016 12:59:59 AM

Subject:
CN=Ideas Saas Solutions, OU=IT, O=Ideas Saas Solutions, L=WILMINGTON, S=DELAWARE, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
361A041B5677DE0A9EE4EDCD3AAA58B3

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdneu.webfilescdn.com  (65.254.40.36:80)

Remove icreinstall_install-openoffice-2.exe - Powered by Reason Core Security