icreinstall_java_update.exe

Internet

GERYON ADS SL.

The installer utilizes InstallCore which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_java_update.exe, “Internet Setup ” by GERYON ADS SL has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. With this installer, users are expecting to download the free Oracle Java Runtime but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
GERYON ADS SL.  (signed and verified)

Product:
Internet

Description:
Internet Setup

MD5:
fb2865d33d0cac76f09002daf0e14941

SHA-1:
483845dd2e51fbb1d32a95a8873926c3b38e72c5

SHA-256:
4c0f24f9808514c3663376dd553d129acf01173714c4460051146caa04fc488a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Utilizes the InstallCore download manager that may bundle various adware-type offers.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/25/2024 3:56:12 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore.GERYONADS.Installer (M)
16.1.26.7

File size:
936.8 KB (959,248 bytes)

Product version:
1.5

Copyright:
Application

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_java_update.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
12/17/2015 8:21:05 AM

Valid to:
6/23/2016 7:17:17 AM

Subject:
CN=GERYON ADS SL., O=GERYON ADS SL., L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112181D069E2BE8A14952BA745AD05847F6F

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:cwuWn8Fr8VqQkjLw/DDOyADAs0tTaMywrFCWzkobiRS:cZW8yV7kXm1cgdaL2EW4oq

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.9347

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file icreinstall_java_update.exe has been seen being distributed by the following 2 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdneu.webfilescdn.com  (65.254.40.36:80)

Remove icreinstall_java_update.exe - Powered by Reason Core Security