installer.exe

Downloadcentral ApS

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application installer.exe by Downloadcentral ApS has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer.
Publisher:
Downloadcentral ApS  (signed and verified)

MD5:
febace436a2c274ebd4c0b8dc5d8ef72

SHA-1:
11e553fcb0441061b6e006fbd12be75a125020e8

SHA-256:
03cca9cf71af25ce6babe6a7fd858425f7066ead1493599ef16e8ae954a5540c

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/24/2024 5:20:14 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore (M)
16.12.6.11

File size:
1.1 MB (1,205,376 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\users\{user}\downloads\installer.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/10/2012 2:00:00 AM

Valid to:
7/11/2013 1:59:59 AM

Subject:
CN=Downloadcentral ApS, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Downloadcentral ApS, L=Odense, S=Odense, C=DK

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3E0CD42145109655AB37716301DF2ABC

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:iHLbvDG2oGSZ8BwPCfZabMdt8kAphvCwGvT6zu7TeAX6nRp8:IvDG5sc2IryT6m/X6

Entry address:
0xD6620

Entry point:
55, 8B, EC, 83, C4, F0, B8, D8, 24, 41, 00, E8, 3E, E3, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
869.5 KB (890,368 bytes)

Remove installer.exe - Powered by Reason Core Security