win8dvd-1.0.0.0.exe

The application win8dvd-1.0.0.0.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. The program is a setup application that uses the installCore installer, however the file is not signed with an authenticode signature from a trusted source. According to Microsoft Security Essentials, the software includes a bundle of the DealPly adware which is installed on a user's PC during setup using the InstallCore platform. The file has been seen being downloaded from www.win8dvd.com.
MD5:
2d812a94e4422a981959c7830bd28b29

SHA-1:
1d3e9d78af9d06e23b0e79a88ceace191df96640

SHA-256:
6582d142aab4672adbcef438255fbe0da4867b1024a0db580d45509b7a2308fb

Scanner detections:
13 / 68

Status:
Potentially unwanted

Explanation:
This software bundler installs other potentially unwanted software, including DealPly. Which includes offers in a user's web browser which state they are "Powered by DealPly".

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/30/2024 8:52:57 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
7.11.106.230

Comodo Security
Application.Win32.Agent.Z
17082

Dr.Web
Adware.InstallCore.124
9.0.1.016

ESET NOD32
Win32/InstallCore.CF (variant)
10.8899

F-Prot
W32/InstallCore.R4.gen
v6.4.7.1.166

IKARUS anti.virus
SoftwareBundler
t3scan.2.0.127

Malwarebytes
PUP.Optional.Freemium.A
v2016.01.16.11

McAfee
Artemis!2D812A94E442
5600.6519

Microsoft Security Essentials
1.163.1557.0

Reason Heuristics
PUP.InstallCore.Bundler (M)
16.1.16.11

Trend Micro House Call
TROJ_GEN.F47V0813
7.2.16

VIPRE Antivirus
InstallCore
22248

File size:
593.3 KB (607,584 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\win8dvd-1.0.0.0.exe

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:2yMJfsGLzskgvDARi5IzrJaSenNzQ3Wf9Xmgf+uZMpQ3fcjbLHDd6SEed64Q:2yMJfsw7gvD0i5Izl+hQmf9X/+U6Q38L

Entry address:
0x98CC

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8...
 
[+]

Entropy:
7.8281

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)

The file win8dvd-1.0.0.0.exe has been seen being distributed by the following URL.

Remove win8dvd-1.0.0.0.exe - Powered by Reason Core Security