home

icreinstall_installer_for_realtek_hd_audio_driver_r2_60_for_vista_win7.exe

Lacodi

KORAM GAMES LIMITED

The installer utilizes InstallCore which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The executable icreinstall_installer_for_realtek_hd_audio_driver_r2_60_for_vista_win7.exe, “Lacodi Setup ” has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from www.citysafebest.com. While running, it connects to the Internet address os.solvefile.com on port 80 using the HTTP protocol.
Publisher:
KORAM GAMES LIMITED  (signed and verified)

Product:
Lacodi

Description:
Lacodi Setup

MD5:
b4d1e3f5f54e05b5411336d938d9b3a6

SHA-1:
87e54f0e6ae3cda1f4fe5885b0947c513302e013

SHA-256:
b102da41a112f3e2803a970821c51c9f1a766adb173241fd09567e101241e5b9

Scanner detections:
1 / 68

Status:
Malware

Explanation:
Utilizes the InstallCore download manager that may bundle various adware-type offers.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/26/2024 1:15:21 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Win32.Generic
16.5.12.6

File size:
997.5 KB (1,021,432 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_installer_for_realtek_hd_audio_driver_r2_60_for_vista_win7.exe

Digital Signature
Signed by:
KORAM GAMES LIMITED

Authority:
Symantec Corporation

Valid from:
12/22/2015 4:30:00 AM

Valid to:
2/9/2017 4:29:59 AM

Subject:
CN=KORAM GAMES LIMITED, O=KORAM GAMES LIMITED, L=HongKong, S=HongKong, C=HK

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
7E60950268CB02F219923ADBDE0484E2

File PE Metadata
Compilation timestamp:
6/20/1992 2:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:bVXlBJgKcPOdzbCkvBuZDvZZoftas0bRVcauFVHT:bVVLgbmdzbCkvBuZ1ZGtaBRIVz

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9323

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file icreinstall_installer_for_realtek_hd_audio_driver_r2_60_for_vista_win7.exe has been seen being distributed by the following URL.

http://www.citysafebest.com/c?x=JNo5nLI9bD SZMqoNo4ZLj3HjKMLSzf4B2dDWQrcJQM=&c=VP9RC16EFkN9WHCYq60nWzEX80Yz0tk6Uh/pK/CetIOiyySxmtvRC3vB2Wn5EHvK0orSB/ 2d9baXMKaBnQCOdrCmwe1Wemm0KuIqqKFBCFBryRmdE4QgxMW56Lea jZ&downloadAs=Installer_For_Realtek_HD_Audio_Driver_R2_60_for_Vista_Win7.exe&fallback_url=http://files.brothersoft.com/drivers/Sound/.../Vista_Win7_R260_x86.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.