iobitdownloader_installcube.exe

Total Loader

Kheifets Iliya Mikhailovich IP

The application iobitdownloader_installcube.exe by Kheifets Iliya Mikhailovich IP has been detected as a potentially unwanted program by 7 anti-malware scanners. It is a setup program used to install the application, and it is typically executed from the user's temporary directory. The file has been seen being downloaded from ru.iobit.com.
Publisher:
Total Loader@ td Corp.  (signed by Kheifets Iliya Mikhailovich IP)

Product:
Total Loader

Version:
3.0.0.0

MD5:
6f6fa452cd6519b28a1840c8d97d4fbe

SHA-1:
7a5733ea10a3c65b72902af5d389095db26c2ce5

SHA-256:
5f7872484965c26f98e6467afd23cffa69ff3c8665e132048cee65564a349c98

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 5:13:49 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/IObit.189688.4 | 3.6.1.96 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Program.Unwanted.276 | 9.0.1.0116 |
| ESET NOD32 | MSIL/IObit.C potentially unwanted (variant) | 9.11507 |
| IKARUS anti.virus | PUA.MSIL.Iobit | t3scan.1.8.9.0 |
| McAfee | Artemis!6F6FA452CD65 | 5600.6784 |
| Trend Micro House Call | Suspicious_GEN.F47V0419 | 7.2.116 |

File size:
185.2 KB (189,688 bytes)

Product version:
3.0.0.0

Copyright:
Total Loader Corp. © 2013-2015

Original file name:
iobitdownloader.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\iobitdownloader_installcube.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/23/2015 3:00:00 AM

Valid to:
1/24/2016 2:59:59 AM

Subject:
CN=Kheifets Iliya Mikhailovich IP, O=Kheifets Iliya Mikhailovich IP, STREET=29 Altaiskaya ul., L=Moscow, S=Moscow, PostalCode=100000, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D503C62352DE045FB81D9D541855742C

File PE Metadata
Compilation timestamp:
4/19/2015 8:02:00 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:LPOtZNL9xnFl7H0RxZdRmX3shW2a8Vg5JMSLkrLp35V:6tZV9h/QRmHsEHEF

Entry address:
0x184D4

Entry point:
FF, 25, C4, 84, 41, 00, 00, 00, 5F, 43, 6F, 72, 45, 78, 65, 4D, 61, 69, 6E, 00, 6D, 73, 63, 6F, 72, 65, 65, 2E, 64, 6C, 6C, 00, 7C, 19, 00, 00, 7B, 7A, 7D, 02, 28, 08, 88, F0, 95, BA, E2, FA, 09, A1, 6F, 12, 2A, E3, 00, 45, C0, BD, 64, C5, A7, 38, 46, D9, 4D, 45, EF, F9, 31, 32, 0C, 2F, 01, F9, 48, 92, 87, 08, 1B, A0, 00, E3, 4F, 71, 05, 7C, 97, 53, E9, 6A, F8, 9B, B5, 35, 8F, 78, 81, 10, 0F, 2B, 69, 86, 3B, 65, B0, 62, 26, 8F, 4B, 49, 03, DD, 12, 57, 05, 41, 84, 69, C7, A2, F4, BB, 83, 67, 97, C6, 77, 66...
 

Code size:
177 KB (181,248 bytes)

The file iobitdownloader_installcube.exe has been seen being distributed by the following URL.
