win7themes_downloader.exe

The application win7themes_downloader.exe has been detected as a potentially unwanted program by 23 anti-malware scanners. It uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from windows7themes.net.
MD5:
8499e6cc6693baec36e968274485ef14

SHA-1:
1968573ca14a6f8c88dd678111ec4206f165e5d5

SHA-256:
7fff022bf532c1f027e550aff216bf87995e21bcdc432bc2d21233ead5ad2d7e

Scanner detections:
23 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/26/2024 7:08:15 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Strictor.41078 | 951 |
| Agnitum Outpost | PUA.InstallCore | 7.1.1 |
| AhnLab V3 Security | Adware/Win32.InstallCore | 2014.06.29 |
| Avira AntiVirus | APPL/Downloader.Gen6 | 7.11.157.140 |
| AVG | InstallCore | 2015.0.3429 |
| Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.14629 |
| Bitdefender | Gen:Variant.Adware.Strictor.41078 | 1.0.20.900 |
| Bkav FE | HW32.Laneul | 1.3.0.4959 |
| Comodo Security | Application.Win32.ClickRun.A | 18707 |
| Dr.Web | Adware.InstallCore.75, Adware.InstallCore.43 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Strictor.41078 | 8.14.06.29.06 |
| ESET NOD32 | Win32/InstallCore.AY potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/InstallCore.P.gen | 4.6.5.141 |
| F-Secure | Gen:Variant.Adware.Strictor.41078 | 11.2014-29-06_1 |
| G Data | Gen:Variant.Adware.Strictor.41078 | 14.6.24 |
| Malwarebytes | PUP.Optional.DealPly | v2014.06.29.06 |
| MicroWorld eScan | Gen:Variant.Adware.Strictor.41078 | 15.0.0.540 |
| NANO AntiVirus | Trojan.Win32.InstallCore.cqykzp | 0.28.0.60475 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.06.29.06 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.14627 |
| Vba32 AntiVirus | BScope.Malware-Cryptor.InstallCore.2691 | 3.12.26.3 |
| VIPRE Antivirus | Threat.4754767 | 29708 |

File size:
1.1 MB (1,148,824 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\win7themes_downloader.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:6JGmFO37jgSG8xjTA+RtUPljvRkS1LZUIiuIm:8dE37j9jxVUpvRks1

Entry address:
0xCCDC0

Entry point:
55, 8B, EC, 83, C4, F0, B8, E8, 45, 41, 00, E8, 61, EE, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.9898

Developed / compiled with:
Microsoft Visual C++

Code size:
837.5 KB (857,600 bytes)

The file win7themes_downloader.exe has been seen being distributed by the following URL.

Remove win7themes_downloader.exe - Powered by Reason Core Security