installer_internet_explorer_deutsch.exe

Free Software LLC

The application installer_internet_explorer_deutsch.exe by Free Software has been detected as adware by 12 anti-malware scanners. It is a setup program built on the InstallCore download manager, which may bundle additional offers for ad-supported toolbars, browser extensions and utilities. The file has been seen being downloaded from at.fileprogram.net.
Publisher:
Free Software LLC  (signed and verified)

MD5:
8f646db644054b6aa2ed5e34085a0bbd

SHA-1:
9010ea4e0089f16182547f3f0fbc29d58402c893

SHA-256:
ea8bd3eaebb3b6b9fc6f12c6ebd861c1bfd5b6d2f2f31305164b2f680d966ca7

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/26/2024 5:07:53 AM UTC

Scan engine        Detection                                               Engine version
Agnitum Outpost    PUA.InstallCore                                         7.1.1
AVG                Generic                                                 2015.0.3318
Dr.Web             Trojan.Packed.28459                                     9.0.1.05190
ESET NOD32         Win32/InstallCore.PU potentially unwanted application   7.0.302.0
F-Prot             W32/InstallCore.AC.gen                                  v6.4.7.1.166
K7 AntiVirus       Unwanted-Program                                        13.184.13718
Malwarebytes       PUP.Optional.Vittalia                                   v2014.10.18.05
McAfee             Adware-DomaIQ                                           5600.6974
NANO AntiVirus     Riskware.Win32.InstallCore.dfgmcz                       0.28.2.62671
Reason Heuristics  PUP.FreeSoftware.d                                      14.10.18.4
Vba32 AntiVirus    Malware-Cryptor.InstallCore.gen                         3.12.26.3
VIPRE Antivirus    Threat.4150696                                          33706

File size:
885.1 KB (906,376 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\installer_internet_explorer_deutsch.exe

Digital Signature
Authority:
Starfield Technologies, Inc.

Valid from:
8/1/2014 12:08:01 PM

Valid to:
7/22/2015 1:23:49 PM

Subject:
CN=Free Software LLC, O=Free Software LLC, L=Wilmington, S=Delaware, C=US

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27DD6AADCC34E6

File PE Metadata
Compilation timestamp:
12/5/2009 11:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:ZEtpk6/mE4hADsyOoZQb2mBS0KnY1+/WNJTve:hhADsSZw2mEYgkVe

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file installer_internet_explorer_deutsch.exe has been seen being distributed by the following URL.
