» k-lite-mega-codec-pack-10-9-0-32-bits.exe
Overview
Analysis
File Details
Downloads (9)

k-lite-mega-codec-pack-10-9-0-32-bits.exe

Web Installer

The application k-lite-mega-codec-pack-10-9-0-32-bits.exe, “Web Installer Setup ” has been detected as a potentially unwanted program by 10 anti-malware scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from d.baixakifiles2.com and multiple other hosts.

File name:

Product:

Web Installer

Description:

Web Installer Setup

MD5:

81148d5dd4315b42679d5ddf53bfe8b1

SHA-1:

ad268b991a6ce1bdbcf080ef5d8b279b5a87a33e

SHA-256:

22579b6a13b81cc1d45af3035aa4074e0fb93ee62f7c42c0dd1613ae35496dc4

Scanner detections:

10 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

12/26/2024 1:20:40 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.InstallCore

7.1.1

Avira AntiVirus

Adware/InstallCore.688617

7.11.200.132

Baidu Antivirus

Adware.Win32.InstallCore

4.0.3.1523

Comodo Security

Application.Win32.InstallCore.DAI

20682

ESET NOD32

Win32/InstallCore.QL (variant)

9.10997

Fortinet FortiGate

Riskware/InstallCore

2/3/2015

K7 AntiVirus

Trojan

13.190.14604

McAfee

Artemis!81148D5DD431

5600.6865

Sophos

Generic PUA KN

4.98

Trend Micro House Call

Suspicious_GEN.F47V1231

7.2.34

File size:

672.5 KB (688,617 bytes)

Product version:

1.6

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\k-lite-mega-codec-pack-10-9-0-32-bits.exe

File PE Metadata

Compilation timestamp:

6/19/1992 7:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:0MEFaWVBs7un8g7iGYYz/BgsC7HtJUzRfZR4QtFxT6nF8lrY2Hj38J1V:0BF70in8I/z/B/CztJUzRAQj0nFirRMt

Entry address:

0x9C40

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

The file k-lite-mega-codec-pack-10-9-0-32-bits.exe has been seen being distributed by the following 9 URLs.

http://d.baixakifiles2.com/?ic_user_id=9289&data=An4r2g9mWrmmF62cBB8sXRg6XRLkeypXIJug4kyD5lMRScgiN5OsuNtTmYmZAUyBH1sRnywj2 sG TD6Fox48lmbjbiTrxz0SPCpmsnU E4dsGxhuNJ4UB2z275D7zhBEli9G7xu/HyLHvE3OszxlgJ1jEWxXI2XWHFb950aqDTDCZ2ucgymy/TwQle8Bn4a0uSu/iSED5/uEfECUXPFKocYiYl63cjdFOHkBrRv5t/V0ovIxexl8iPDAKniiLDL qPgaIG0cNYEgebRncR2LMpGq9wIETS6wWrEppQ2NuaMuYNO3CIFS2xzBQauUt1iIR27s/4bSHZgu/dk0THhyqjWFJ8R3Ww3atktfGgNz4m7pVIDKXRo14M8BRjhgZYKx2SKctaqn7QRKXDXyg2hCJnBIFBIA8W8DhB1lzrveQVFHXjCE4i 09MiK vf1BL0EWsbEdGwz19 4tSVv/jIglRCSnQz3mkpCTGdQ7LKzEN23wnysxuUl81d1mdXc/lx5DiQ3xVQ NROC97t8E1PMNUnNvFtIqGtJ4h70itbxcWz2bOjcThKreIrkEvDj2w3CUWzdL/r 8AFrwfKdUJ5jP09LzzxBRqJCneIruAGeN93qSpVP0Nmrv0LsAgVrQczCwt6rtvLVY/kS3TIYDs7IEyH7zfS5yPpg0Swz5k1hvTXBKEafYuiic9PpjBaHg7ElchAar6ogYvkmWXO8uDMUSPwg8kxCaClH5EIPbUFwAb2m7P6lsf9gZJLkQ==&key=T40faOXhz6Uazb4gFlAONgukMVgDQCUmgddSMie8 Ozz0fTO//MeCyrU5E4blOMkb5R3T9nEEP6PZDvipoP79ijvoXXGpZBdLxag4z27zG9WllGuMWGJ619jYOm7x56VXDPOfFRjDSs4sZAvEEtHrqyWsfjnUYfPa6Ie2j1 B0HPMY5YMqotZT

http://d.baixakifiles2.com/?ic_user_id=9289&data=GBtz 4PpaiYjw1I/IQPIKfdb055 p8W6jaFppnmEJxs5geXfcF6gxgsnzVdqEwwqFyYOwmZjwhzlgn0UiGSxKiFJhG5E0EOhNZf4/EQfyxhK6itp3VPOp4KxT2JJxlAtfCXwKCghHxK8cfDN xLcjIfGEaY2phD1Vurs 73yBxPFoEFKllT88VvyxO4H3BQ1TQU0KIwfLcRbjMdHUDZmbtUUnyz io0To8zzSuDmtV8eZOtleb3RHU/DYWeaBHjMxhhoDWJTofLgtIOgg1gEmPYZP8YqTCucKmOPLRKvMTwP6NTVwzBBuk68Hu5speQdiCPqhSFB1W6U56zRr8rncAFrnAxCRH2KuPyoQ2F8Wu8nZZDRsI3DAYtFcA96OCYJcD9QR19LnEVOnArRIe5XwCFW/njnSA4SUkPobnhFmU GewvmEsQqD0asYlI0UZmFBI0lgiIEYiyeuEcEH7pQBn2dUS/a4n8Ayulv/OxU2MKp2780ppw5wlXEIjKMOI3DW6WhTtksY6OYi79/KpxjAH5XUdVSoiFx6qr dDSEPU9g9gDCmljQmDkPOWsBnvLhEe73wj4MWceGyJTyusoeGUgpYE 2MVEHBsS7HCkx9NO4kUjnwl9CeZqlxM0UMIkLfLvjwhTh0t9j0LfSSXMPbW5DoLwQbNwWTFW7yp8zX7mS1S48EoBRieRUosaxZklLElUIO3GtFquwNKLX5yXFxB/FAM4Bq22nYJoT/hLj50ZiZe9Y OYFuiE9Ng==&key=qiBEDMa85YlMfegA8OlRfd11WUvvceXSzXDplog4gHW0remUphmCk/.../sXLLAmbjNJ0LDYSK

http://d.baixakifiles2.com/?ic_user_id=9289&data=P8KS6 gxxvWxqOAfJk0dUuTzWpeASlXPyhi3MMkMqh6KYk/141Qmq5pzOzLybUnbxJsQFxGzKQBpycZAZVL6oL n/uEinV5CLpydZvPl66CBdW9q 1SUc6aK8JHbPwYSisvlqxwQcpxI6tcgKSlLCz5sFxC44BwHVOXpJu bZny1rAQaEmgDxcRP9uBAvhbcXK7YKjCTSYbo3wwl3fYFXdikdOXX8 2gdzXqyjSpPGUZjV39i6JpjLiRZa1hIRpzTDoaCcyzjud/64Vggtkmrju5HbpS5v m6o8i438aeWvOFb2zk7lsL4Qc7zca1qcgSLCteVtjOJ0QPzt3dcBpXwRQ55boj5PN6PUc/OdCx4SaDvwjmp1ag/0S7QRuXdw2D6NxITH5 pZAT0iFsxHP85 QFlJl4ynjaK1JuxH pg8p3/HxNrXToh8AI4ZCfONMBMoel4Nzuuf8iQsTohoUSuqrJIeQ9w21c7q8bGQnKY/xQmj8/i8ueV2iEExEgxROAis3bmPKAZPF/rmgZbS3z4kKhcNX7nwtWPQuC/NRUoUvzx7mrek6Fe9/3sh56LBrBIHUlL JemEr2UgHNJqoAwNkV/shdgl2Z1chLBllxAg8lDXnFKvHhXDMywqkUqHkbYKozGjw9KWSTz4xXTfP6f T1eCHwmAmPn4jMTYObzoyK7V27haYrL5dsorBYd0Szq3hq/IT5f4MKltcjbUq/R23UejZDfcqbvfTpjinPTpDb6AWu94AulsQVA==&key=mFfexV cgq ewEDuLnClRP48vF4Owtk56ZDXAKrnm6 vHMSGKGZzojYkJi Zv0fpGi62zlzSACa195ksYTMls/DYEsRJNl1U0oHvE6SFYN vEUS45F4FGLxrHgJ3 bWCLwUUz8jUcJU9FB MRfgSAciBC8rGAl3I2g2 skZy/.../e0bzpaI6ycF

http://d.baixakifiles2.com/?ic_user_id=9289&data=4/jpnNEQdDL0DAV1ydYvpbuFRvUyCmI0LBtWSeV1sY/QEkjgbu2lK9ELLO1OwLaDQRtRlnpSC0J19v6/jbEbpBFOgokzs6I4YvW7ON1/DIEthZwurfgbsIfzmbNuCZPckuLlH83DDiWNOauzZs YWBf8m5lJ8xefSqcZagnqXDvHpIdJQep7JFgtIRHlq6V4kGmHwr/0XhQ7IIKoVNqqtSWRkfyFNU7/MHsW07aP0sqmcPghOMdKofBlFhEKU1SQ7Rh1h4JcNG8VUyXM454H5Fudv6C/W9Vsyqpbqtnuc00OXcN2XiGcasVNCEm/mhuj3CJDcfTwLh0IqbmJISyI5il0FGVU07jErV38/scuzDMWvEV0AyZzrKek7406EDe/vIEKzlhXVaJAcfhUbXz5k6yZEw8ox1rqWFoceblQ1xqDRThdPDgzGiiamBcwQvnxkz6mzRdEvPjZTmwkp3CfTITVSQcDdWvrvkH7Y2pPC2BJ1XRo4ak2GeKGrb3DbJabM1Nq4ogTujJlramM5GVeSXrQP7akfc BqIj64yJ 1zucXlmC/78GDVts3uJrygA2oxxjbB9WTRKuUPHu6N9bxZPPQM/d9NbTXbBrGuCK9vDedcEIdxoESHx8CbGGfQFNvv5pmP2sDIN9h6P7ooQRuGwqoiWpuo0jXrnAhytIyDufWq4dndLFiI2PyBcX1v3/MvOF/5JknIsLeS7L10sXhdL1nHq /02i51gd9 VujlU4 1ug3rQ18cqHoQ==&key=MFGuyc8Yolyp6HbgmpQb DaCQ/.../IJXADOhKXdGS5YxNvKg9GS7FYcmwdWPTFvceKxYgWmztFYfjpowq3YXA7xtOQcWwyhi98a9Ll9ymkleRsnJuYhCOW6FDxsZyX4zXxGsvBnMN F3xnUMLcYrES

http://d.likelyaa.com/?ic_user_id=9289&data=PfpW83tKFe7BrwoqU7FR6s 9kClGDUSV12at12/8AjbijER7Rf9od xbHjiEoFzwYKRskR4cTxMxKOFygbH8UeBb8MZf9CP5jIzeDE6nUudpet0rEjEZwXrClB KyaZ n6ZsyxzJkRQeH MUH2T3J332HHvmyorWnyjXPvuHvK1WONPCLGhOp5YN1YJ2hO3QwbFjQepZTfUfnwO6rwPDVsZO17oRVFugq0zBaCM5vmZ8dCrimgSd4yiXN6of8UaWt 4/Jhp38WPTZklVmFsVgiVXhWt1WkPM9zr14e2fBU81rO7q9jCnhFo7UQSEFnlL WYUVeLb7KM3uKRwbBUUPBOHy1RXlVKMmw25OeFD/iwMPL5cPCoKkElJrw5fQcX0t InEdVyHNSAyJnUA SbbZnVVQfIX/bp5MJ7RsueTIghMf7hwDUOl5ylO4JE8AQE5mF3F3HhYvDskAerqnL5oBstBak6sVYrTNpEfAvsAeguRGxzcGYy5PBBika95zvHvzsyA/9v2hcY1Ebz71AnFZez4nRkIUfDTW7QUIH92Rk0LWOEKBP34fwnSujuSQbfJkIsilWHNkifV4Gpu378e3L7IvUC9KXZ0bqzWC4pjYX1AGMgUR1Mpeya1K35JFh4kNqupXuq VtVoS5WfXh5UG5Gf7QCWaa5p5UfHwx TxBA gp1aa1gw5zCMeuPe3cfZxUDzrUxC0vE4v8h3q5j9oTfqNc/oj0eFskwUsg9N2zog5Txn/Ede4lSEQ==&key=L/Wk7R/KG2x MiwMxV5wmPTq1jkkwqBeIhWcCBng/DCyZZod 9y2dOTkMtPjscj2Qbw8hF8TaUyn8MSe2KpeKyrkQ6fFlFHwXb1RZG9G5LZLKsleS8nD17QWeSb98Gy6GVt8TUav/.../BDaQnIO13styGn72lQ8GU

http://d.baixakifiles41.com/?ic_user_id=9289&data=H94NsjkY9tEMbODu3j0414bFE6/YEO0pu0L2Xm1uug pV0CRAztSts6nOscLds7vTXKPJ2M2z7HjFMJWVSWeG 5IBMzY1rpHU75GwUa0r2jkh6pJN/xvxT3om3ihnxV058Sz8IUKmqvF9Jh/3OGZdpj9iZHPj5cgZJ276FNAKzfSDTWGXuXPjk22Uac5 0yhDVNrLyMYsIrNKFkorUPEojp3zQ2ghHgtCyId oQshvForGOMlWTY9Dv7L3etZjREgccLcc1OgNwhjXixMiKrnb1SWcSLRcqZjZoAni fi2i6Usan0RZIDbsahtcdVGqUF/1OzLTQgOdRXrBpPaUFYsIpbCWm2UcffjqWYYj ze6Z8WkYVmlGnvLWHX8Ip/d7DvXNv86Ue33IIAFqHv40jKHxSDXhtXY55opxXy72J8WbmWEiVnaJsgAdRQq6OuLq9N5I25LQQ2o7K vtW5b0PEYOhY7BPde0rFGuLWMaPYrYw34GFylg4603MvDK3CeIcV3teDavT98HAOouyp6mvfjuE8XXIjEYC6deDMC43LtMoxS92pKl/vb/TZMLA3wUaNW4SYPGNTPEwpqSvxm4j mQ2 X9vDFHh3loE4x/YuXjPIOVqJ6y1WWcoM6DHH6Nq3lJIaYc0t/HOxm9/.../t1PgAW6xLIJDD2YXv7vSBlf

http://r.baixakifiles2.com/?ic_user_id=9289&data=H94NsjkY9tEMbODu3j0414bFE6/YEO0pu0L2Xm1uug pV0CRAztSts6nOscLds7vTXKPJ2M2z7HjFMJWVSWeG 5IBMzY1rpHU75GwUa0r2jkh6pJN/xvxT3om3ihnxV058Sz8IUKmqvF9Jh/3OGZdpj9iZHPj5cgZJ276FNAKzfSDTWGXuXPjk22Uac5 0yhDVNrLyMYsIrNKFkorUPEojp3zQ2ghHgtCyId oQshvForGOMlWTY9Dv7L3etZjREgccLcc1OgNwhjXixMiKrnb1SWcSLRcqZjZoAni fi2i6Usan0RZIDbsahtcdVGqUF/1OzLTQgOdRXrBpPaUFYsIpbCWm2UcffjqWYYj ze6Z8WkYVmlGnvLWHX8Ip/d7DvXNv86Ue33IIAFqHv40jKHxSDXhtXY55opxXy72J8WbmWEiVnaJsgAdRQq6OuLq9N5I25LQQ2o7K vtW5b0PEYOhY7BPde0rFGuLWMaPYrYw34GFylg4603MvDK3CeIcV3teDavT98HAOouyp6mvfjuE8XXIjEYC6deDMC43LtMoxS92pKl/vb/TZMLA3wUaNW4SYPGNTPEwpqSvxm4j mQ2 X9vDFHh3loE4x/YuXjPIOVqJ6y1WWcoM6DHH6Nq3lJIaYc0t/HOxm9/.../t1PgAW6xLIJDD2YXv7vSBlfm

http://d.baixakifiles2.com/?ic_user_id=9289&data=H94NsjkY9tEMbODu3j0414bFE6/YEO0pu0L2Xm1uug pV0CRAztSts6nOscLds7vTXKPJ2M2z7HjFMJWVSWeG 5IBMzY1rpHU75GwUa0r2jkh6pJN/xvxT3om3ihnxV058Sz8IUKmqvF9Jh/3OGZdpj9iZHPj5cgZJ276FNAKzfSDTWGXuXPjk22Uac5 0yhDVNrLyMYsIrNKFkorUPEojp3zQ2ghHgtCyId oQshvForGOMlWTY9Dv7L3etZjREgccLcc1OgNwhjXixMiKrnb1SWcSLRcqZjZoAni fi2i6Usan0RZIDbsahtcdVGqUF/1OzLTQgOdRXrBpPaUFYsIpbCWm2UcffjqWYYj ze6Z8WkYVmlGnvLWHX8Ip/d7DvXNv86Ue33IIAFqHv40jKHxSDXhtXY55opxXy72J8WbmWEiVnaJsgAdRQq6OuLq9N5I25LQQ2o7K vtW5b0PEYOhY7BPde0rFGuLWMaPYrYw34GFylg4603MvDK3CeIcV3teDavT98HAOouyp6mvfjuE8XXIjEYC6deDMC43LtMoxS92pKl/vb/TZMLA3wUaNW4SYPGNTPEwpqSvxm4j mQ2 X9vDFHh3loE4x/YuXjPIOVqJ6y1WWcoM6DHH6Nq3lJIaYc0t/HOxm9/.../t1PgAW6xLIJDD2YXv7vSBlfm

http://d.likelyaa.com/?ic_user_id=9289&data=rRwlmfiRzyzniCQF7NVSqwmr6QXrUkAFjRvsYUClv1p7fLj3EyFmzYZeqkimNzCtwmhn4n7ffY1qZd7hCA g9q5xYI6Na7j3C14Jikr3FgGVr3QhTMDpbPHyoTwlHjyqXfPkVgiEK2NPPdd4Ctna5k1wC7KcpGlTR0EGNEb07/4AFDuGXmK8iqA2T/hE lGkFUS26aZOVoPT1c07RrN7YPKcDR7Ix1QLxOEy9TrXV3OAQ7f dw4funp4LM58SGFIMDEkZVt3lO1r3M7fzy3G7PCHOP1Vk6gia7KHa7p5eN9MmYKjdKNAlPhEJQjOHujvBeXMuZt5ht6rZfL/b3D6Au9lTzCQFuxYAjuSt5dAyLhEDUMnyi/SUx087lBRH7w/8RvVSyYnt mdgZqDS18wTOJ7a9eDQlIRgPGiORqrYGmt5i67txBVRcbMnfr8kmoMjG8/vxVP/kceP3WBywLiga6sQRTtpXLZO0Hhe yL6hbD76v5G8x/Ey9RENFecHvbpatKGJbuy5BFT6CBfdHul8oyO2t9s8z5O4wY tFNVWex4xtGzv3zKfMV0jsBhB20s71gn iPeWK7XMibiiAyqDIh9inPf9wyiC3JZTOi/52p9HguPECVYYsQSzoQZStEM7vSsmam3ADnoaax0B9nZUxsBmqo1FmYtZ6dCb/nFd0yrN3m4TTmpzhkai96VPCR q/yoysmjPOnMQynLyeQ4pzTVhM1GHxQLv0yrF57KHc8ID82rwEJdSfnOw==&key=QI8zSqdRNPwho 1weZWl7qDg/Id/gY881/t6jY0PTkP4lXRi1N6AWp4aUqHRoK8jYKEf3qMnsTm8DXDtDjcGf AIVGM3rDcgK XeftjW 4AqruJjENmR7jO8kas2xC07 ce/.../H4kM gppH3UhPq5y6ucvNxRt1zQHQ5DZT

Remove k-lite-mega-codec-pack-10-9-0-32-bits.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.