icreinstall_plants-vs-zombies-2-4.7.1.exe

Cabum

Destiny Dream S.A.

The installer utilizes InstallCore which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_plants-vs-zombies-2-4.7.1.exe, “Cabum Setup ” by Destiny Dream S.A has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.newsendbinaries.com and multiple other hosts. While running, it connects to the Internet address os.solvefile.com on port 80 using the HTTP protocol.
Publisher:
Destiny Dream S.A.  (signed and verified)

Product:
Cabum

Description:
Cabum Setup

Version:
4.0.2.2

MD5:
114681510514b2d1f7647bb91748f96d

SHA-1:
368c66318265d433f0e70c5ec77a0765d7e1ba21

SHA-256:
e7fd707f7262360bc2a9f7e94eecb457590512b407f6935d0dc11eaee16313c6

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Utilizes the InstallCore download manager that may bundle various adware-type offers.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/26/2024 10:01:28 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore.DestinyD.Installer (M)
16.5.5.17

File size:
1002.2 KB (1,026,216 bytes)

Product version:
1.2.1

Copyright:
Wizard

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_plants-vs-zombies-2-4.7.1.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/17/2015 6:25:11 PM

Valid to:
10/2/2016 7:06:18 PM

Subject:
CN=Destiny Dream S.A., O=Destiny Dream S.A., L=Clarens, S=Vaud, C=CH

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11217A75EB912AE2167326222C18D9E2357F

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:rgvb1DA3WAmtJtxuO2uc2JiDCcFHNzwguP/KrepII2J4m:r8bd9jth2uc2M+cza/KSpI9Om

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.9286

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file icreinstall_plants-vs-zombies-2-4.7.1.exe has been seen being distributed by the following 30 URLs.

http://www.newsendbinaries.com/c?x=br9mOkKZJFpJ/4kx37jmLjCdiB6uyJvxpc15SOF2jHY=&c=RKvj21YSsc/VrXkGEKJlKdbLFwKpObmrQv2dlRzYDQb ltq2Jfr8FWJcZP bPfGvwmvChV4Q8CtRc0Ju5vk8QukG4G9APZVEXF7xgXH8yUsC8bOwJz1BwCZiMENA58tqM FfAeCnbjONTKnWuqhjcg==&e=0&downloadAs=plants-vs-zombies-2-4.7.1.exe&fallback_url=https://itunes.apple.com/app/.../id597986893?mt=8

http://www.bestbinariesvaults.com/c?x=hQFchTPqRQFH5aXlWqBydwpZ0QEXG4H7am9JzbS8OUQ=&c=TsXboaLM65nRRssaz/8uCxjdYj/2Sal3iq L5yA 4xuC0HcDc/FCoW12G8MsQnkQVy5BxhVkZlsJqLUUL6gjjSIYghzI79u tum HXp2dGCe2YzIdLMsi2OUhZlEh7SP9OO7km8xd8C3U9CtRpKTFTp64D/ AIb5DwQQ3QNau6KHLKUoTJo7hIjw05DgfFlF&e=0&downloadAs=plants-vs-zombies-2-4.7.1.exe&fallback_url=https://itunes.apple.com/app/.../id597986893?mt=8

http://www.chucklecleandelivery.com/c?x=JHYaEmPfcR05VRJEbF6MX8pMCctPjaXL3MVvr7YwCZo=&c= vpq0LFE8njjMo QfiMLZ7SZg6RXnH 84nEebieE7zO5hpKGKDzOkrs HbwbkQrpGguog1vpk19pTZ95yg9IOL3b SoF1JYq5Q73xq6zw0cMNObF Y7Uxrl20ICCrxaegXn34zYp2hVOySY7lonPNzoaI Sc/ulWEKwLLyBXAdFXqvMsz1IrHg/7qCHIA9mc&e=0&downloadAs=plants-vs-zombies-2-4.7.1.exe&fallback_url=https://itunes.apple.com/app/.../id597986893?mt=8

http://www.softwarefuncenter.com/c?x=pXwLlTwyTVVp4yAf869jfAv/p7a1d8XJNHbA PU3mVY=&c=ZpbLVcF6iNdlcRjylhnK07KLAi4wvMVyeVd51jx5oBzL9xmF8XyNcqX5 q6OhLXSFlCHGB5cYL9saMVbDXNQaOvAt5lMtM7RJgP2icL4r7e07U ZHi7 ogoXkK 0nYfQVzqT /M9lyXvhcztk93nGdynFgIscRZMl1fW8ulYagtR8WTWgxx6GIpHp lCbRvN&e=0&downloadAs=plants-vs-zombies-2-4.7.1.exe&fallback_url=https://itunes.apple.com/app/.../id597986893?mt=8

http://www.towerbundleapplications.com/c?x=OyCrxPZ19EvF3vZTzHqaCFwU9POjH B3Ru5NlbMuJ8M=&c=KcbaDgp/pU75tG0aNs9v9cplI hOV03tblSLj6pdngeZXqkdtSv3S0JVNpAGOcQ6vsPziUglEGSMmN784nIZjGFz7tgvDY0i 2QlUwWjuC6BVUw6jxyEbWn1iX98bKZcdGCm34lzy3meURVc0fQl0oPp6iAYTxEMhdLg/vYuzsU=&e=0&downloadAs=plants-vs-zombies-2-4.7.1.exe&fallback_url=https://itunes.apple.com/app/.../id597986893?mt=8

http://www.downloadscentralcurrent.com/c?x=bBaUy/mstScn/V/CYwMZipFQXb3HH9giMP7uYiaxdUk=&c=S0ZDJkx74d0WAmt3mMWSnIMPoSVLEfd6z1Gf0Pnm3mTl5xFe0EQn/bGDvf4QaE4bMoGu4 yS Bj5TlzZu8H5f L5ZkBECgJZ0GqOVSlJQX0tr00Y23eI14B2 QXb4Y963GKP5a7uf7tg9S0lgOxakw==&e=0&downloadAs=plants-vs-zombies-2-4.7.1.exe&fallback_url=https://itunes.apple.com/app/.../id597986893?mt=8

Latest 30 of 30 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdneu.webfilescdn.com  (65.254.40.36:80)

Remove icreinstall_plants-vs-zombies-2-4.7.1.exe - Powered by Reason Core Security