installer.exe

Internet

Internet Application

The application installer.exe, “Internet Setup”, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Internet Application

Product:
Internet

Description:
Internet Setup

MD5:
873c5755161c31a022956a5d2495df11

SHA-1:
02eaa0c827ad5028a44e2b92a5f3da29bb63ec0f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/8/2024 12:45:59 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
16.3.5.14

File size:
613.5 KB (628,228 bytes)

Product version:
4.0

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\My documents\downloads\installer.exe

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:4C1z4xWxMoqK0dwdagJ02KzA0awwwpSN9lTCzNv2q5bigu7tt6l2ErhO01SCm:4C1ztgYYRNuUugux2TrhbICm

Entry address:
0x9C40

Entry point:
24, 2F, 71, 0B, 2A, F8, 0F, C8, 80, C3, 47, 8B, DE, 8A, E0, 88, D2, 3B, E9, C7, C2, 8B, 1B, 19, 88, F7, C3, 65, 49, 47, DD, 3D, 69, E9, 00, 00, 74, 02, 88, EA, 69, EF, 48, E3, B3, 22, E8, A1, 00, 00, 00, 3D, 4B, 4D, 00, 00, 73, 08, 85, F6, F7, C1, 23, 0E, 25, D4, 84, C1, 3B, D9, 75, 02, F7, DB, BA, B9, 39, 06, 00, 81, CD, BB, 22, F8, 62, 81, F2, 5D, 8E, 0C, 00, 0F, B6, DB, 87, FA, 88, EA, 81, C7, 7F, 05, 00, 00, 0F, CB, F6, D1, 0F, CB, 0F, BF, F0, 8D, 0F, 87, EE, F7, D3, 72, 02, 8A, DD, 87, EE, EB, 03, 0F...

Entropy:
7.8014 (probably packed)

Code size:
37 KB (37,888 bytes)

The file installer.exe has been seen being distributed by the following URL.
