» win8dvd-1.0.0.0.exe
Overview
Analysis
File Details
Downloads (1)

win8dvd-1.0.0.0.exe

The application win8dvd-1.0.0.0.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. The program is a setup application that uses the installCore installer, however the file is not signed with an authenticode signature from a trusted source. According to Microsoft Security Essentials, the software includes a bundle of the DealPly adware which is installed on a user's PC during setup using the InstallCore platform. The file has been seen being downloaded from www.win8dvd.com.

File name:

win8dvd-1.0.0.0.exe

MD5:

2d812a94e4422a981959c7830bd28b29

SHA-1:

1d3e9d78af9d06e23b0e79a88ceace191df96640

SHA-256:

6582d142aab4672adbcef438255fbe0da4867b1024a0db580d45509b7a2308fb

Scanner detections:

13 / 68

Status:

Potentially unwanted

Explanation:

This software bundler installs other potentially unwanted software, including DealPly. Which includes offers in a user's web browser which state they are "Powered by DealPly".

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

11/30/2024 8:52:57 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/InstallCore.Gen7

7.11.106.230

Comodo Security

Application.Win32.Agent.Z

17082

Dr.Web

Adware.InstallCore.124

9.0.1.016

ESET NOD32

Win32/InstallCore.CF (variant)

10.8899

F-Prot

W32/InstallCore.R4.gen

v6.4.7.1.166

IKARUS anti.virus

SoftwareBundler

t3scan.2.0.127

Malwarebytes

PUP.Optional.Freemium.A

v2016.01.16.11

McAfee

Artemis!2D812A94E442

5600.6519

Microsoft Security Essentials

SoftwareBundler:Win32/DealPly

1.163.1557.0

Reason Heuristics

PUP.InstallCore.Bundler (M)

16.1.16.11

Sophos

Install Core Click run software

4.93

Trend Micro House Call

TROJ_GEN.F47V0813

7.2.16

VIPRE Antivirus

InstallCore

22248

File size:

593.3 KB (607,584 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Common path:

C:\users\{user}\downloads\win8dvd-1.0.0.0.exe

File PE Metadata

Compilation timestamp:

6/19/1992 3:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:2yMJfsGLzskgvDARi5IzrJaSenNzQ3Wf9Xmgf+uZMpQ3fcjbLHDd6SEed64Q:2yMJfsw7gvD0i5Izl+hQmf9X/+U6Q38L

Entry address:

0x98CC

Entry point:

55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8... 
[+]

Entropy:

7.8281

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

36 KB (36,864 bytes)

The file win8dvd-1.0.0.0.exe has been seen being distributed by the following URL.

http://www.win8dvd.com/download

Remove win8dvd-1.0.0.0.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.