plantsvszombies.exe

The application plantsvszombies.exe has been detected as a potentially unwanted program by 23 anti-malware scanners. This is a setup program which is used to install the application. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from dm.portalprogramas.com.
MD5:
8644e683e1880d9b5b6102e8ae86d80a

SHA-1:
42cb5829bd6fdd3fd2c8a539ef9be5e24aaba3c7

SHA-256:
0600e14d038382314598560d6151b237298225c2a3b8fec27c32140783fb3d7a

Scanner detections:
23 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/24/2024 7:41:18 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | Adware/Win32.InstallCore | 2013.08.23
Avira AntiVirus |  | 7.11.97.218
avast! | Win32:PUP-gen [PUP] | 2014.9-160619
Bitdefender | Gen:Variant.Adware.Graftor.62453 | 1.0.20.855
Comodo Security | ApplicUnwnt.Win32.AdWare.InstallCore.D | 16809
Dr.Web | Adware.InstallCore.20 | 9.0.1.0171
Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.62453 | 8.16.06.19.08
ESET NOD32 | Win32/InstallCore (variant) | 10.8718
Fortinet FortiGate | W32/InstallCore.A | 6/19/2016
F-Prot | W32/InstallCore.B.gen | v6.4.7.1.166
G Data | Gen:Variant.Adware.Graftor.62453 | 16.6.22
IKARUS anti.virus | Win32.SuspectCrc | t3scan.2.0.127
K7 AntiVirus | Unwanted-Program | 13.170.9363
McAfee | Generic PUP.x!bj3 | 5600.6364
NANO AntiVirus | Riskware.Win32.InstallCore.nydgd | 0.26.0.53954
Norman | BundlePack.IYA | 11.20160619
Panda Antivirus | Trj/CI.A | 16.06.19.08
Reason Heuristics | PUP.InstallCore.ENG (M) | 16.6.19.8
Sophos | Install Core Installer | 4.91
SUPERAntiSpyware | Trojan.Agent/Gen-InstallCore | 9072
Trend Micro House Call | TROJ_GEN.RCEH1J2 | 7.2.171
Vba32 AntiVirus | BScope.Malware-Cryptor.Sinba.C | 3.12.22.3
VIPRE Antivirus | Trojan.Win32.Generic | 20790

File size:
602.1 KB (616,568 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\plantsvszombies.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:iiHS7FPQ0gTNgjoEIYnONlDZW/zM387a3ourmH/c3PFAcJxnCrBY0XmgOkSbAsUy:iJPQzij8WbC8Ob6HE3PvcBYqHBSssJ

Entry address:
0x118D00

Entry point:
60, BE, 00, D0, 48, 00, 8D, BE, 00, 40, F7, FF, C7, 87, 10, 27, 0C, 00, 59, 3A, A4, 2D, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
560 KB (573,440 bytes)

The file plantsvszombies.exe has been seen being distributed by the following URL.
