» installer.exe
Overview
Analysis
File Details
Downloads (1)

installer.exe

The application installer.exe has been detected as a potentially unwanted program by 17 anti-malware scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.downloadcentral.dk.

File name:

installer.exe

MD5:

8b334dc102bac94fcb6d4c34e9b8f6e0

SHA-1:

5f2d8077eccab197ccfb59623eaec0c42ebb846c

SHA-256:

0130f1dacb14b2d81ce30c8ac34c0f8165091a1e3b922615f9d1894b6a24e51a

Scanner detections:

17 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

11/5/2024 7:07:36 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Generic.547137

204

Avira AntiVirus

ADWARE/InstallCore.Gen

7.11.117.38

Bitdefender

Adware.Generic.547137

1.0.20.985

Dr.Web

Adware.InstallCore.75

9.0.1.0197

ESET NOD32

Win32/InstallCore.AY (variant)

10.9115

F-Prot

W32/InstallCore.V2.gen

v6.4.7.1.166

F-Secure

Adware.Generic.547137

11.2016-15-07_6

G Data

Adware.Generic.547137

16.7.22

McAfee

Artemis!8B334DC102BA

5600.6338

MicroWorld eScan

Adware.Generic.547137

17.0.0.591

Panda Antivirus

Suspicious file

16.07.15.01

Reason Heuristics

PUP.InstallCore.ENG (M)

16.7.15.1

Rising Antivirus

PE:PUA.XPACK-LNR!1.5594

23.00.65.16713

Sophos

Generic PUA FP

4.95

Trend Micro House Call

HV_INSTALLCORE_CI053396.RDXN

7.2.197

Vba32 AntiVirus

BScope.Malware-Cryptor.InstallCore.2691

3.12.24.3

VIPRE Antivirus

InstallCore.b

23874

File size:

1.1 MB (1,104,000 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\installer.exe

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:wpyXUHrbzFFHRUZfbDGnuiZa05gsMXvG+B/q1In1vK:O5L/FFHixiZg4K/

Entry address:

0xCD250

Entry point:

55, 8B, EC, 83, C4, F0, B8, CC, 4D, 40, 00, E8, C9, E2, FF, FF, FF, 25, 64, 21, 47, 00, 8B, C0, FF, 25, 60, 21, 47, 00, 8B, C0, FF, 25, F0, 21, 47, 00, 8B, C0, FF, 25, EC, 21, 47, 00, 8B, C0, FF, 25, E8, 21, 47, 00, 8B, C0, FF, 25, 5C, 21, 47, 00, 8B, C0, FF, 25, 58, 21, 47, 00, 8B, C0, FF, 25, 00, 22, 47, 00, 8B, C0, FF, 25, FC, 21, 47, 00, 8B, C0, FF, 25, F8, 21, 47, 00, 8B, C0, FF, 25, 54, 21, 47, 00, 8B, C0, FF, 25, 50, 21, 47, 00, 8B, C0, FF, 25, 4C, 21, 47, 00, 8B, C0, 53, 83, C4, BC, BB, 0A, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

837.5 KB (857,600 bytes)

The file installer.exe has been seen being distributed by the following URL.

http://www.downloadcentral.dk/?action=load&id=3967

Remove installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.