kurulum.exe

The application kurulum.exe has been detected as a potentially unwanted program by 40 anti-malware scanners. This is a setup program which is used to install the application. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from kisa2.com.
MD5:
9eb14058f3d5245dfda7158c04da3118

SHA-1:
76ca9d62be4ec7e14ae6aeb8f4cbd5183814e834

SHA-256:
6a07e5a040b0e3c24e84e45d971a383225ae321487abb6d456b6c50238925f50

Scanner detections:
40 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/25/2024 1:26:06 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Runouce.B@mm | 940 |
| Agnitum Outpost | I-Worm.Chir.B | 7.1.1 |
| AhnLab V3 Security | Win32/ChiHack.6652 | 2014.05.29 |
| Avira AntiVirus | | 7.11.124.216 |
| avast! | Oncer | 2014.9-140709 |
| AVG | Win32/Chir.B@mm | 2015.0.3418 |
| Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.14621 |
| Bitdefender | Win32.Runouce.B@mm | 1.0.20.950 |
| Bkav FE | W32.ChirBPE | 1.3.0.4959 |
| Clam AntiVirus | WIN.Worm.Brontok | 0.98/213 |
| Comodo Security | Application.Win32.InstallCore.~AO | 17599 |
| Dr.Web | Trojan.DownLoader9.3885 | 9.0.1.0172 |
| Emsisoft Anti-Malware | Win32.Runouce.B@mm | 8.14.07.09.10 |
| ESET NOD32 | Win32/InstallCore.FJ (variant) | 8.9280 |
| Fortinet FortiGate | Riskware/InstallCore | 6/21/2014 |
| F-Prot | W32/Thecid.B@mm | v6.4.6.5.141 |
| F-Secure | Win32.Runouce.B@mm | 11.2014-09-07_4 |
| G Data | Win32.Runouce.B@mm | 14.7.24 |
| IKARUS anti.virus | Email-Worm.Win32.Runouce | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.175.10814 |
| Kaspersky | Email-Worm.Win32.Runouce | 14.0.0.3585 |
| Malwarebytes | PUP.Optional.Freemium.A | v2014.06.21.12 |
| McAfee | RDN/Generic.hra!bv | 5600.7092 |
| Microsoft Security Essentials | Virus:Win32/Chir.B@mm | 1.10600 |
| MicroWorld eScan | Win32.Runouce.B@mm | 15.0.0.570 |
| NANO AntiVirus | Virus.Win32.Runouce.bxafx | 0.28.0.59921 |
| Norman | Suspicious_Gen4.FNBLT | 11.20140621 |
| nProtect | Win32.Runouce.B@mm | 14.05.28.01 |
| Panda Antivirus | Suspicious file | 14.06.21.12 |
| Qihoo 360 Security | Virus.Win32.CNHacker.C | 1.0.0.1015 |
| Quick Heal | W32.Runouce.B | 7.14.14.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.7.9.22 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.14619 |
| Total Defense | Win32/Chir.B | 37.0.10965 |
| Trend Micro House Call | TROJ_GEN.R0CBB01A214 | 7.2.172 |
| Trend Micro | PE_Chir.B | 10.465.09 |
| Vba32 AntiVirus | Virus.Win32.Chur.A | 3.12.26.0 |
| VIPRE Antivirus | Trojan.Win32.Generic | 25356 |
| ViRobot | Win32.Chir.B | 2011.4.7.4223 |

File size:
719.7 KB (736,927 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
1/9/2012 3:44:06 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:sxaVAh64U5luJX+dQG2XWiDUAaAxTttiXvRIzyEm6ZazSY6n4g803uc6DkBaiv4z:sxaVxr5EVWiDUNiDiX5IE0auYU450+lh

Entry address:
0xB3C1

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, F2, 2D, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, B0, A1, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 1C, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 1C, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, D9, A6, FF, FF, C3, 55, 8B, EC, 83, EC, 1C, 56, 33, F6, 56, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 40, 32, 41, 00, 85, C0, 74, 21, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 44, 32, 41, 00, 8D, 45, E4...
 

Code size:
71 KB (72,704 bytes)

The file kurulum.exe has been seen being distributed by the following URL.
