» icreinstall_installer_for_autocad.exe
Overview
Analysis
File Details
Downloads (2)
Network (2)

icreinstall_installer_for_autocad.exe

Lacodi

KORAM GAMES LIMITED

The installer utilizes InstallCore which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The executable icreinstall_installer_for_autocad.exe, “Lacodi Setup ” has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from www.citysafebest.com and multiple other hosts. While running, it connects to the Internet address os.solvefile.com on port 80 using the HTTP protocol.

File name:

Publisher:

KORAM GAMES LIMITED (signed and verified)

Product:

Lacodi

Description:

Lacodi Setup

MD5:

1685c1a6414a6c9bf9716457ee60d018

SHA-1:

af31b5634578dfa52d6b881848c7ee4542cd4e1d

SHA-256:

d5a3e356c062565ca925db228ab79192f06d420de3a4acccdfb2cd040306b405

Scanner detections:

1 / 68

Status:

Malware

Explanation:

Utilizes the InstallCore download manager that may bundle various adware-type offers.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

12/26/2024 1:06:43 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Win32.Generic

16.5.28.6

File size:

997.5 KB (1,021,432 bytes)

Product version:

1.5

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\icreinstall_installer_for_autocad.exe

Digital Signature

Signed by:

KORAM GAMES LIMITED

Authority:

Symantec Corporation

Valid from:

12/21/2015 4:00:00 PM

Valid to:

2/8/2017 3:59:59 PM

Subject:

CN=KORAM GAMES LIMITED, O=KORAM GAMES LIMITED, L=HongKong, S=HongKong, C=HK

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

7E60950268CB02F219923ADBDE0484E2

File PE Metadata

Compilation timestamp:

6/19/1992 3:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:4VXlBJgKcPOdzbCkvBuZDvZZoftas0bRVcauFVHT:4VVLgbmdzbCkvBuZ1ZGtaBRIVz

Entry address:

0xAA98

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55... 
[+]

Entropy:

7.9323

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

40.5 KB (41,472 bytes)

The file icreinstall_installer_for_autocad.exe has been seen being distributed by the following 2 URLs.

http://www.citysafebest.com/c?x=G9hzauq8bD3 P2pi 1XKcLMBBmTMdC7omxTl7CXyCO0=&c=iEaFMsis7L4eQks4pq5Yr9MrM1GX6kBbsks xovXgz8MQ9No DONn TzwQ4oHxRxxquccL 8Ysl3ET I5/XvCloRjo7G/p7lySXYAZTzlAdGo9U yEbeBXsLx61kvqyZ&downloadAs=Installer_For_AutoCAD.exe&fallback_url=http://lfiles3.afreecodec.com/graphics_design/.../AutoCAD2007Trial.exe

http://www.citysafebest.com/c?x=css3f3T gDNXNcTvPXzROy9GIhnSHie8HqzywUP64K0=&c=kyjFIiyMn8b2SX0HZKGySQQHQ MTSfJ5rfcbAeKFdhKMuenQVj4y1EdXfC7ksdlV38lYkCuMlzuIhGgojpQhcnCuQifIOXziXNipB1fTFob8YR9ZEMuVM9JEJ8NBCudL&downloadAs=Installer_For_AutoCAD.exe&fallback_url=http://lfiles3.afreecodec.com/graphics_design/.../AutoCAD2007Trial.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to os.solvefile.com (207.189.109.121:80)

TCP (HTTP):

Connects to cdnus.solvefile.com (207.189.109.121:80)

Remove icreinstall_installer_for_autocad.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.