home

installer_avast.exe

CPC NET ADVERTISING LLC

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application installer_avast.exe by CPC NET ADVERTISING has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The installer is marketed through download protals and search ads as the free AVAST Antivirus but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
CPC NET ADVERTISING LLC  (signed and verified)

MD5:
3461bc17a6c06cd7ab87dfa29d314a40

SHA-1:
6899e2270c0e5b7e37cecabd100070c3408a0acc

SHA-256:
24c44be00b766e422c98798d4607829c2e80344a3a4112287bf0b7c55564be15

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/24/2024 6:56:42 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/InstallCore.Gen9
7.11.158.64

ESET NOD32
Win32/InstallCore.LO potentially unwanted application
7.0.302.0

K7 AntiVirus
Unwanted-Program
13.180.12598

Reason Heuristics
PUP.CPCNETADVERTISING.P
14.7.2.23

File size:
737.7 KB (755,368 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\installer_avast.exe

Digital Signature
Signed by:
CPC NET ADVERTISING LLC

Authority:
Thawte, Inc.

Valid from:
4/7/2014 1:00:00 AM

Valid to:
11/27/2015 11:59:59 PM

Subject:
CN=CPC NET ADVERTISING LLC, O=CPC NET ADVERTISING LLC, L=NEW CASTLE, S=DELAWARE, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
402E903377FE117E487BC9F63BC243C8

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:ncFa8nXqqtMUn7nLnCIYUtI/3U9sIteYLqjIAXahBNp1mP2L5ELCkwPBxiJNoRMT:ncF3aqtME7FYVis7nJuPLqwZYNEiCq

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

Remove installer_avast.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.