windows 7 loader activator v2.9.6.exe

WinAutomation Job

Created with WinAutomation (http://www.WinAutomation.com)

The application windows 7 loader activator v2.9.6.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. While running, it connects to the Internet address p3nlhg304c1304.shr.prod.phx3.secureserver.net on port 80 using the HTTP protocol.
Publisher:
Created with WinAutomation (http://www.WinAutomation.com)

Product:
WinAutomation Job

Version:
3.1.5.637

MD5:
45930ef78651756b74695c255e86db20

SHA-1:
3199d44a07d1ae908b18819cd4f66fa3fd0625b1

SHA-256:
3a1e6270eb3423c30a2a030e4ab76051422995bc8b0abdb6b37dd1237aab29e8

Scanner detections:
22 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/26/2024 1:54:39 AM UTC

Scan engine            Detection                          Engine version
Lavasoft Ad-Aware      Gen:Variant.Razy.18738             338
AegisLab AV Signature  Troj.FakeSkype                     2.1.4+
Avira AntiVirus        TR/Spy.Agent.2564096.2             8.3.3.2
Arcabit                Trojan.Razy.D4932                  1.0.0.656
avast!                 Win32:Malware-gen                  2014.9-160303
AVG                    PSW.MSIL                           2017.0.2816
Bitdefender            Gen:Variant.Razy.18738             1.0.20.315
Dr.Web                 Trojan.DownLoader19.38097          9.0.1.063
Emsisoft Anti-Malware  Gen:Variant.Razy.18738             8.16.03.03.01
ESET NOD32             MSIL/Spy.Agent.AKI (variant)       10.13114
Fortinet FortiGate     PossibleThreat.P0                  3/3/2016
F-Secure               Gen:Variant.Razy.18738             11.2016-03-03_5
G Data                 Gen:Variant.Razy.18738             16.3.25
IKARUS anti.virus      PUA.InstallCore                    t3scan.2.0.8.0
K7 AntiVirus           Spyware                            13.214.18915
Kaspersky              Trojan.Win32.Agent.neubnf          14.0.0.575
McAfee                 Artemis!45930EF78651               5600.6472
MicroWorld eScan       Gen:Variant.Razy.18738             17.0.0.189
NANO AntiVirus         Trojan.Win32.Agent.easmqa          1.0.18.6677
Qihoo 360 Security     HEUR/QVM03.0.Malware.Gen           1.0.0.1120
Rising Antivirus       PE:Malware.Generic/QRS!1.9E2D [F]  23.00.65.16301
VIPRE Antivirus        Trojan.Win32.Generic               47606

File size:
2.4 MB (2,564,096 bytes)

Product version:
3.1.5.637

Copyright:
Copyright © Softomotive Ltd 2005-2011

Original file name:
tmpE96F.tmp

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
2/28/2016 11:56:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:PZK3HLJuhEr1b+T3yA1lcAbbW2SQz9nIDtm9B3YCjsil1z9mVfuVJFg5oK7:hiMR9nIhU1cRuVJFgCK7

Entry address:
0x2620CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.7878

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.4 MB (2,494,464 bytes)

User Start Menu Item
Name:
Pro_upg.exe
The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to p3nlhg304c1304.shr.prod.phx3.secureserver.net  (50.63.38.1:80)

Powered by Reason Core Security