home

icsetuptrial70.exe

FileStream InstallConstruct

FileStream, Inc.

This is a self-extracting archive and installer. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
Publisher:
FileStream, Inc.  (signed and verified)

Product:
FileStream InstallConstruct

Version:
Trial version 7.1.0

MD5:
6c98f202829533875897516784df5bb0

SHA-1:
aab41bdaab650dc6433dd6fa6bc5350812bcab8b

SHA-256:
41feba1bbe95ee96f870402190353a6a80e87a02989478cb84786d5ad1e2ca54

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/24/2024 7:03:54 PM UTC  (today)

Scan engine
Detection
Engine version

Zillya! Antivirus
Adware.BrowseFox.Win32.128577
2.0.0.3021

File size:
4.9 MB (5,159,376 bytes)

Product version:
Trial version 7.1.0

Copyright:
Copyright © 1999-2009 FileStream.com, Inc.

Trademarks:
InstallConstruct (TM)

Original file name:
install.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\icsetuptrial70.exe

Digital Signature
Signed by:
FileStream, Inc.

Authority:
GlobalSign nv-sa

Valid from:
12/5/2009 5:56:00 PM

Valid to:
12/6/2010 5:55:58 PM

Subject:
CN="FileStream, Inc.", O="FileStream, Inc.", L=Glen Head, S=NY, C=US

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
010000000001255EEE3F00

File PE Metadata
Compilation timestamp:
12/21/2008 5:49:03 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:RO6m0w60XQs+e1uIG8ImUWUiEmk2W9JagX0mxvPijpQFcKYE4kI83oY5kvP2VhAa:Rp6d9AD8yWUuW9Ja/mxniM9YEKCoY5kc

Entry address:
0x1C9B8

Entry point:
55, 8B, EC, 6A, FF, 68, C0, 35, 42, 00, 68, 28, 02, 42, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, EC, 30, 42, 00, 33, D2, 8A, D4, 89, 15, B0, B7, 42, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, AC, B7, 42, 00, C1, E1, 08, 03, CA, 89, 0D, A8, B7, 42, 00, C1, E8, 10, A3, A4, B7, 42, 00, 33, F6, 56, E8, 70, 02, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 12, 16, 00, 00, FF, 15, 90, 31, 42, 00, A3, A8, 06, 43, 00, E8...
 
[+]

Entropy:
7.9815

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
136 KB (139,264 bytes)

The file icsetuptrial70.exe has been seen being distributed by the following 2 URLs.

http://gsf-cf.softonic.com/aab/41b/.../file?SD_used=0&channel=WEB&fdh=no&id_file=9209&instance=softonic_en&type=PROGRAM&Expires=1462842123&Signature=YpIKZPhCPqm9wjd0D36~fYPnKWXO7WDIo8WbR6as5ntnhxv67ZJFRTSmG6hiZIdgyzYEbIljB8MdyfXemBO90prOARHoCc2oTq587onl1LvWA1zJfZQglL0cMQ2pObzf9ARr7HdALv1hejruWFjKL85irgScyq5GyCBJe6yG-Zw_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=icsetuptrial70.exe

http://gsf-cf.softonic.com/aab/41b/.../file?SD_used=0&channel=WEB&fdh=no&id_file=9209&instance=softonic_en&type=PROGRAM&Expires=1469841702&Signature=BT27DG29oEhJDwVzKoSzeB0wkOmRljXNwydjlQBAyUBGY~nkdZOqsJbgGNupIQzKpbCnTWe~jBwDYY8RbLCDVwLWgRo3Hd4hygTVt15rf~ieJanhf-vPPbsip-rWjCNKP9Opox2cJ7rOu7bSn0l7XWc2qyIIutnHw3Xd5veRkGA_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=icsetuptrial70.exe

Scan icsetuptrial70.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.