scanner-pro-sdk-activex.exe

Scanner Pro ActiveX Control

Viscom Software

The application scanner-pro-sdk-activex.exe, “Scanner Pro ActiveX Control Setup” by Viscom Software, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.indir.com.

Publisher:
Viscom Software (signed by Viscom Software)

Product:
Scanner Pro ActiveX Control

Description:
Scanner Pro ActiveX Control Setup

MD5:
e32b3ddcec56bbc535977185180f4b63

SHA-1:
94171ca9c5337b992ac3d52bcc4623108b276f54

SHA-256:
bf6cd8d073f59e2f3660028225eb88660cf7a09aa8abebf651827aaa6fd5e238

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/27/2024 2:29:52 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.CSH (L)

Engine version:
17.2.26.20

File size:
12.6 MB (13,244,984 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Turkish (Turkey)

Common path:
C:\users\{user}\downloads\scanner-pro-sdk-activex.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
11/29/2011 2:00:00 AM

Valid to:
11/29/2014 1:59:59 AM

Subject:
CN=Viscom Software, O=Viscom Software, STREET="Rm 3,8/F, Block C, Greenview Garden, Shatin", STREET=Tai Wai, L=Hong Kong, S=Hong Kong, PostalCode=852, C=HK

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4EC2DFB746A14D9D785704A238276711

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40


Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file scanner-pro-sdk-activex.exe has been seen being distributed by the following URL.

http://www.indir.com/kaydet.php?x=TVRVMk9UWkFRRUFoSVNFdVFYTnVLelJtSlcwMVRRPT18fHwxM2E1ZmQ1OGM5NjM1YzM5NmNmZGIxNmM4YmY2NWQ4Mg==&m=1&sub=windows
