installer_directx.exe

Kepo

FunnelOpti (Alpha Criteria Ltd.)

The application installer_directx.exe, “Kepo Setup ” by FunnelOpti (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.directx.es.
Publisher:
FunnelOpti (Alpha Criteria Ltd.)  (signed and verified)

Product:
Kepo

Description:
Kepo Setup

Version:
5.4.5.5

MD5:
8f70fb1077969d7307373ddcad0ec926

SHA-1:
25a1f6e5f6fb022276f85ea437f5741793178200

SHA-256:
7aa21935e01b253bfd6b4a9c18807ecd5f7dd1e49c8934499fedb937961472d3

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/25/2024 4:55:41 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC.Installer (M)
16.6.28.6

File size:
930.3 KB (952,600 bytes)

Product version:
5.8.0

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\installer_directx.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 9:41:21 AM

Valid to:
8/26/2016 12:34:53 PM

Subject:
CN=FunnelOpti (Alpha Criteria Ltd.), O=FunnelOpti (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C57D0836DF0829F54F07ADA2D08AAFCB

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:dtFmEVQ/q0ZmF228Jn+3oz/oy3RbiHYb+SHuAL:dfjeq2mF2fo3wzRf+SHVL

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.9366

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file installer_directx.exe has been seen being distributed by the following URL.

Remove installer_directx.exe - Powered by Reason Core Security