transformers.exe

The application transformers.exe has been detected as a potentially unwanted program by 12 anti-malware scanners. It is a setup program used to install the application. It is built on the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been observed being downloaded from installerlaunch-pp1.com.
MD5:
ec6c0d92bc92121ae36856e6b5e8a4c4

SHA-1:
f88f83c56cb5de7f9131343aaac4f9168e1db1fc

SHA-256:
e44660cababc4a911fd84b50ba82b58e476ebb62192993157d0f2fb49b8a48c7

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/24/2024 2:22:18 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.InstallCore.AO | 5821840 |
| avast! | Win32:Evo-gen [Susp] | 151217-3 |
| AVG | Adware InstallCore.OJ | 2015.0.4477 |
| Clam AntiVirus | Adware.Installcore-71 | 0.98/21199 |
| Dr.Web | Adware.InstallCore.567 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Application.InstallCore.AO | 10.0.0.5366 |
| ESET NOD32 | Win32/InstallCore.H potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/InstallCore.B.gen | 4.6.5.141 |
| F-Secure | Riskware.Application.InstallCore.AO | 5.05.7110 |
| Norman | Application.InstallCore.AO | 17.12.2015 06:34:11 |
| Sophos | PUA 'Install Core Installer' | 5.22 |
| VIPRE Antivirus | Threat.4150696 | 46084 |

File size:
533.6 KB (546,432 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\transformers.exe

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:1MQCIn8z0aZKVNtSUnI+152EsGEuQKaY2:UZKVHSUjiGRQKaF

Entry address:
0x10B030

Entry point:
60, BE, 00, 10, 49, 00, 8D, BE, 00, 00, F7, FF, C7, 87, 10, B7, 0C, 00, B8, BA, AB, 6E, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 

Entropy:
7.8504

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
492 KB (503,808 bytes)

The file transformers.exe has been seen being distributed by the following URL.
