home

installer.exe.torchdownload

Lite Web Installer

The file installer.exe.torchdownload, “Lite Web Installer Setup ” has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.mousebookpa.com and multiple other hosts.
Product:
Lite Web Installer

Description:
Lite Web Installer Setup

MD5:
bd36e4169d7b68989a2a3a5a122dab5e

SHA-1:
2245a96978a2f7660f76827dfe489c3603cebc38

SHA-256:
badff1d5e97923909dd21825fc1f34c4de9d2f787870590da135febb892bd312

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/6/2024 2:33:44 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
PUA/InstallCore.613319
8.3.3.2

Malwarebytes
PUP.Optional.InstallCore
v2016.02.18.09

Reason Heuristics
PUP.Bundler.MB
16.2.23.16

File size:
598.9 KB (613,319 bytes)

Product version:
3.8

Copyright:
Installer Program

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\installer.exe.torchdownload

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
6144:2/gaQPZ8xOwwNUlnZ22E+zeds5q/vclP+9FcZPFzk9noZ1jMtCG5aNSI5jo49UYc:OgaGZywNURY2gzeAiACKMRl7q3C8pJth

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.7789

Packer / compiler:
Inno Setup v5.x - Installer Maker

The file installer.exe.torchdownload has been seen being distributed by the following 31 URLs.

http://www.mousebookpa.com/.../installer.exe

http://express-player.com/installer.exe

http://www.worlddownloadsapp.com/.../installer.exe

http://www.clearnewsign.com/.../installer.exe

http://www.appworldranch.com/.../installer.exe

http://www.cleannowclear.com/.../installer.exe

http://www.filestourcity.com/.../installer.exe

http://www.worldstockdl.com/.../installer.exe

http://www.factorymetahead.com/.../installer.exe

http://www.sendheartbulk.com/.../installer.exe

http://www.downloadbitstower.com/.../installer.exe

http://www.downloadssoftwarebundle.com/.../installer.exe

http://www.hostbulkbundle.com/.../installer.exe

http://www.appfunapps.com/.../installer.exe

http://www.centralconecptbits.com/.../installer.exe

http://pornomis.com/get.php?c=SHN0Q2ZhMjAzODg4MD0xMzkwODc2NzI4MTc4O0hzdENsYTIwMzg4ODA9MTM5MjkyNjk0ODc4ODtIc3RDbXUyMDM4ODgwPTEzOTA4NzY3MjgxNzg7SHN0UG4yMDM4ODgwPTE7SHN0UHQyMDM4ODgwPTEzO0hzdENudjIwMzg4ODA9ODtIc3RDbnMyMDM4ODgwPTk7ZXh2PXRzdGwwMztleGltZz1odHRwOi8vaS5pbWd1ci5jb20vRjNUajkzay5wbmc7UEhQU0VTU0lEPTU1NzEwYTQzMGU4ODYwYzRhYmIyYWNmNzUyMzM5MDQwO3R3X3RhYnMyPXRhYnMyLTI7bGZyb209bm9yZWY7VUlfdHJhZGVfc3RhdHNfX3dpbmRvd1g9MDtVSV90cmFkZV9zdGF0c19fd2luZG93WT0tMjtzdW1fY2hlY2tlZD1BcnJheTtmcm9tPW5vcmVmO2lkY2hlY2s9MTM5MjkyNjk4OTt2cz1ub3JlZnxub3JlZnw7aW5kZXhfcGFnZT0xO3JvdF9pbj0xOw==&id=x1&exv=tttxx1

http://jeffersonscarborough.blob.core.windows.net/.../installer.exe

http://www.sharesoftwareshare.com/.../installer.exe

http://www.giftgrabbest.com/.../installer.exe

http://www.bitsfactoryuniverse.com/.../installer.exe

http://www.downloadheadbits.com/.../installer.exe

http://www.giftdownloadscycle.com/.../installer.exe

http://www.updateheadbest.com/.../installer.exe

http://www.presentbodybundles.com/.../installer.exe

http://www.bundlesrepositorynew.com/.../installer.exe

http://www.megahostbundle.com/.../installer.exe

http://www.presentcenterapp.com/.../installer.exe

http://www.sendnewtower.com/.../installer.exe

http://www.cleartodaydelivery.com/.../installer.exe

http://www.worldlaboratorycity.com/.../installer.exe

Latest 30 of 31 download URLs

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ec2-52-67-230-187.sa-east-1.compute.amazonaws.com  (52.67.230.187:80)

Remove installer.exe.torchdownload - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.