home

installer.exe

The application installer.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.factoryhostshare.com and multiple other hosts.
MD5:
8185bc9f524d3c738a8f4f075ebd821d

SHA-1:
9d166c53dceca5cdbff80d0632e081da1db686dd

SHA-256:
037caa5c315070482066ed388a28c43d9c6c060791b5abe42dc23c03b0c7dcd8

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/24/2024 6:07:40 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/InstallCore.AFM potentially unwanted application
7.0.302.0

Reason Heuristics
PUP.InstallCore.ESTM
16.2.23.18

File size:
296 KB (303,141 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
2/3/2016 6:57:34 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:VNMSGh32f8b/UUZMxIc0OMd1fzXGGXOF5ovAkpy/h9RGYc:vMSGpqG/UUZMec0XPrXGGXOFJ04W

Entry address:
0x47491

Entry point:
E8, 06, 22, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, FA, 1C, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 58, 37, 45, 00, 74, 12, 8B, 0D, 74, 36, 45, 00, 85, 48, 70, 75, 07, E8, 24, 2C, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 78, 35, 45, 00, 74, 16, 8B, 46, 08, 8B, 0D, 74, 36, 45, 00, 85, 48, 70, 75, 08, E8, 98, 24, 00, 00, 89, 46, 04, 8B, 46, 08, F6, 40, 70, 02, 75, 14, 83, 48, 70, 02, C6, 46, 0C, 01, EB, 0A...
 
[+]

Code size:
318.5 KB (326,144 bytes)

The file installer.exe has been seen being distributed by the following 2 URLs.

http://www.factoryhostshare.com/.../installer.exe

http://www.dldownloadsafe.com/.../installer.exe

Remove installer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.