home

icreinstall_pchealthboost-setup.exe

The installer utilizes InstallCore which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_pchealthboost-setup.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from download.pchealthboost.com. While running, it connects to the Internet address os.solvefile.com on port 80 using the HTTP protocol.
MD5:
4c7c42619eeec9b54b914256e678122b

SHA-1:
aa3d9b25c64a8d2e19261dade05a8561f7610b37

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Utilizes the InstallCore download manager that may bundle various adware-type offers.

Analysis date:
11/7/2024 5:56:13 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore.Installer.Meta (M)
16.1.14.16

File size:
2.8 MB (2,888,696 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_pchealthboost-setup.exe

File PE Metadata
OS bitness:
Win64

The file icreinstall_pchealthboost-setup.exe has been seen being distributed by the following URL.

http://download.pchealthboost.com/boost/gcp/.../?dl=1&bst=1&tid=&ver=2.3.1.807

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdneu.webfilescdn.com  (65.254.40.36:80)

Remove icreinstall_pchealthboost-setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.