windows-8-consumer-preview-todownload.exe

The application windows-8-consumer-preview-todownload.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from windows-8-consumer-preview.todownload.com.
MD5:
e5d5804fef94ca55b64233783ed39d9a

SHA-1:
5211513a7baf34639fd82feacb3f478306badc1a

SHA-256:
bfcf3125f6131b7f8996bc61584be1c24b4765685374631ada5adac37a0ab54c

Scanner detections:
13 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/15/2024 3:01:36 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | | 7.11.40.238 |
| avast! | Win32:InstallCore-GV [PUP] | 2014.9-151129 |
| Bitdefender | Gen:Variant.Application.InstallCore.13 | 1.0.20.1665 |
| Comodo Security | UnclassifiedMalware | 13326 |
| Dr.Web | Adware.InstallCore.59 | 9.0.1.0333 |
| ESET NOD32 | Win32/InstallCore.AM (variant) | 9.7415 |
| F-Prot | W32/InstallCore.G.gen | v6.4.6.5.141 |
| F-Secure | Gen:Variant.Application.InstallCore.13 | 11.2015-29-11_1 |
| G Data | Gen:Variant.Application.InstallCore.13 | 15.11.22 |
| K7 AntiVirus | Unwanted-Program | 13.147.7534 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.11.29.13 |
| VIPRE Antivirus | Click run software | 12766 |
File size:
1 MB (1,096,976 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\windows-8-consumer-preview-todownload.exe

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:31nZePuTJyGoDz1xMUzoz9m76jx4GRU87wmww58IgXm4:zePODUZWkGdL372w5/Q

Entry address:
0xCB930

Entry point:
55, 8B, EC, 83, C4, F0, B8, 70, FB, 40, 00, E8, FD, D4, FF, FF, 57, 55, 83, C4, F4, 89, 4C, 24, 04, 89, 14, 24, 8B, D0, 8B, EA, 81, E5, 00, F0, FF, FF, 03, 14, 24, 81, C2, FF, 0F, 00, 00, 81, E2, 00, F0, FF, FF, 89, 54, 24, 08, 8B, 44, 24, 04, 89, 28, 8B, 44, 24, 08, 2B, C5, 8B, 54, 24, 04, 89, 42, 04, 8B, 35, E4, 35, 47, 00, EB, 3C, 8B, 5E, 08, 8B, 7E, 0C, 03, FB, 3B, EB, 76, 02, 8B, DD, 3B, 7C, 24, 08, 76, 04, 8B, 7C, 24, 08, 3B, FB, 76, 1E, 6A, 04, 68, 00, 10, 00, 00, 2B, FB, 57, 53, E8, 26, FC, FF, FF...
 

Entropy:
6.9543

Developed / compiled with:
Microsoft Visual C++

Code size:
829.5 KB (849,408 bytes)

The file windows-8-consumer-preview-todownload.exe has been seen being distributed by the following URL.
