kurulum.exe

The application kurulum.exe has been detected as a potentially unwanted program by 21 anti-malware scanners. This is a setup program which is used to install the application. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from kisa2.com.
MD5: 1e1e8849545626561b6e789a20450a70

SHA-1: 5228306933c524b7182bf87aac63ce2ea3740bc4

SHA-256: cfbdc6835fbb2c36edc29b550aaedfd3174bc70ff0d54fec27ace1aa5ea46beb

Scanner detections: 21 / 68

Status: Potentially unwanted

Explanation: Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date: 11/25/2024 1:24:39 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | | 7.11.134.32 |
| Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.14714 |
| Comodo Security | Application.Win32.Agent.~HO | 17862 |
| Dr.Web | Trojan.DownLoader9.3477 | 9.0.1.0195 |
| ESET NOD32 | Win32/InstallCore.FJ (variant) | 8.9486 |
| Fortinet FortiGate | Riskware/InstallCore | 7/14/2014 |
| F-Prot | W32/A-42c63c6c | v6.4.7.1.166 |
| K7 AntiVirus | Trojan | 13.176.11302 |
| Malwarebytes | PUP.Optional.Freemium.A | v2014.07.14.11 |
| McAfee | RDN/Generic.dx!c2w | 5600.7069 |
| Norman | Troj_Generic.RQFMC | 11.20140714 |
| Panda Antivirus | VBS/Autorun.BC.worm | 14.07.14.11 |
| Qihoo 360 Security | HEUR/Malware.QVM06.Gen | 1.0.0.1015 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.14712 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Graftor | 10483 |
| Trend Micro House Call | TROJ_GEN.R0CBC0PAD14 | 7.2.195 |
| Trend Micro | TROJ_GEN.R0CBC0PAD14 | 10.465.14 |
| Vba32 AntiVirus | | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 26946 |
| XVirus List | Win32.Detected | 2.7.14 |

File size: 669.2 KB (685,259 bytes)

File type: Executable application (Win32 EXE)

Common path: C:\users\{user}\downloads\kurulum.exe

File PE Metadata

Compilation timestamp: 6/9/2012 4:19:49 PM

OS version: 5.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 9.0

CTPH (ssdeep): 12288:+K2mhAMJ/cPlP5V35xKDd4EO1vhFOC4dn/y2JMWcz+YG494I2:v2O/GlP5IDd45vh94/yWe+I4r

Entry address: 0xAC87

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, 9F, 30, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, 8F, AB, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 24, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 24, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, 0E, B1, FF, FF, C3, 56, 8B, F1, 8B, 06, 85, C0, 74, 07, 50, FF, 15, C4, 40, 41, 00, 83, 26, 00, 83, 66, 08, 00, 83, 66, 0C, 00, 5E, C3, 56, 8B, F1, 80, 7E, 04, 00, 75, 34, 68, F4, 44, 41, 00...
 

Code size: 73 KB (74,752 bytes)

The file kurulum.exe has been seen being distributed by the following URL.
