installer.exe

The application installer.exe has been detected as a potentially unwanted program by 17 anti-malware scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.downloadcentral.dk.
MD5:
8b334dc102bac94fcb6d4c34e9b8f6e0

SHA-1:
5f2d8077eccab197ccfb59623eaec0c42ebb846c

SHA-256:
0130f1dacb14b2d81ce30c8ac34c0f8165091a1e3b922615f9d1894b6a24e51a

Scanner detections:
17 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/25/2024 1:45:08 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Generic.547137
204

Avira AntiVirus
7.11.117.38

Bitdefender
Adware.Generic.547137
1.0.20.985

Dr.Web
Adware.InstallCore.75
9.0.1.0197

ESET NOD32
Win32/InstallCore.AY (variant)
10.9115

F-Prot
W32/InstallCore.V2.gen
v6.4.7.1.166

F-Secure
Adware.Generic.547137
11.2016-15-07_6

G Data
Adware.Generic.547137
16.7.22

McAfee
Artemis!8B334DC102BA
5600.6338

MicroWorld eScan
Adware.Generic.547137
17.0.0.591

Panda Antivirus
Suspicious file
16.07.15.01

Reason Heuristics
PUP.InstallCore.ENG (M)
16.7.15.1

Rising Antivirus
PE:PUA.XPACK-LNR!1.5594
23.00.65.16713

Sophos
Generic PUA FP
4.95

Trend Micro House Call
HV_INSTALLCORE_CI053396.RDXN
7.2.197

Vba32 AntiVirus
BScope.Malware-Cryptor.InstallCore.2691
3.12.24.3

VIPRE Antivirus
InstallCore.b
23874

File size:
1.1 MB (1,104,000 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:wpyXUHrbzFFHRUZfbDGnuiZa05gsMXvG+B/q1In1vK:O5L/FFHixiZg4K/

Entry address:
0xCD250

Entry point:
55, 8B, EC, 83, C4, F0, B8, CC, 4D, 40, 00, E8, C9, E2, FF, FF, FF, 25, 64, 21, 47, 00, 8B, C0, FF, 25, 60, 21, 47, 00, 8B, C0, FF, 25, F0, 21, 47, 00, 8B, C0, FF, 25, EC, 21, 47, 00, 8B, C0, FF, 25, E8, 21, 47, 00, 8B, C0, FF, 25, 5C, 21, 47, 00, 8B, C0, FF, 25, 58, 21, 47, 00, 8B, C0, FF, 25, 00, 22, 47, 00, 8B, C0, FF, 25, FC, 21, 47, 00, 8B, C0, FF, 25, F8, 21, 47, 00, 8B, C0, FF, 25, 54, 21, 47, 00, 8B, C0, FF, 25, 50, 21, 47, 00, 8B, C0, FF, 25, 4C, 21, 47, 00, 8B, C0, 53, 83, C4, BC, BB, 0A, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
837.5 KB (857,600 bytes)

The file installer.exe has been seen being distributed by the following URL.

Remove installer.exe - Powered by Reason Core Security