home

installer_ares.exe

Kepo

FunnelOpti (Alpha Criteria Ltd.)

The application installer_ares.exe, “Kepo Setup ” by FunnelOpti (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from us10.proxysite.com.
Publisher:
FunnelOpti (Alpha Criteria Ltd.)  (signed and verified)

Product:
Kepo

Description:
Kepo Setup

Version:
5.4.5.5

MD5:
e202647c8b5d237d20aefc7f478e7898

SHA-1:
7a451daf6aded9f91f7f7af955ed890cc9982b46

SHA-256:
2a75e16ce2b96e1526039cc45847777bec10dc723627ce1a93ebe46e3b2914b5

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/5/2025 6:19:51 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC.Installer (M)
16.6.6.16

File size:
930.3 KB (952,600 bytes)

Product version:
5.8.0

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\installer_ares.exe

Digital Signature
Signed by:
FunnelOpti (Alpha Criteria Ltd.)

Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 6:41:21 AM

Valid to:
8/26/2016 10:34:53 AM

Subject:
CN=FunnelOpti (Alpha Criteria Ltd.), O=FunnelOpti (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C57D0836DF0829F54F07ADA2D08AAFCB

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:5tFmEVQ/q0ZmF228Jn+3oz/oy3RbiHYb+SHuAL:5fjeq2mF2fo3wzRf+SHVL

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.9366

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file installer_ares.exe has been seen being distributed by the following URL.

https://us10.proxysite.com/process.php?d=joV9rFmPUFtTl8LLVFvSntRVNX4TniVxocj4w3WT4dOAHTWpWDAVTVBB5BL5ycWDSWDdkikuttY4ok6DqvqqqxIwOjahAsvuXdbMURpAPHhax/18lz5yYqB6pY1FhjZBnpFBMCdI3TefheRHNv19Whl2XvfjVsJvtfTQrCl6qAgtIUrOIEA1inrc7sXoIl2492dGKFP8/EP UOx BXOZHnAx0Qu6YxEnD795ye4g4lgje3BsD8AnBNmm9ZUowixf pHwjPapMmQIORXN2Hz62KLGvz2GqYjllOKLmxsn /tZZDzmJ bboP4oeYxIj1MzEeyhcpxAr1/LcuX1ZuNbbjdH2ijDyvq/MMmVHdOTuFW8yRiBqa8ZkANnFKNIo4sYX 7Bsdi2WUDeTniUFa9wsud1nUAd2JILNiiwTlxmFS PLqYndKFSM943K383yjzuiuAeLsWbTabw/mfRQ0Fei7V6TlBsZehUv3NV4QEWCZgTCLxOXBveXNIiV3NGkGu4CsKwmmRziKbvLbwMXjCXUpiyy3xkM5dNU/.../D8ec89J6u71b8p5KlJ0sZa0FGTTTyGEsn2ich1eUsAVw4pU0 oezXtldHWDSVhqpziyb6AsPziL83NeTFxy0WidGX0Js7ZnRU W8SnO ayG3 STMyGZVt2KO31X8NfMnAu043hpub95eGzC09WT4UpClPMsYyexUWjrJ7 8OiOfpvr85hf0XMk wTRNQelvaMGuhRYpDy2w2zCiX vqCAd8m3yar2dWDbLRxNQ1GuN96Y5dXyzcCehXsv7qRQLFbp

Remove installer_ares.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.