windows-movie-maker-2012-16-4-3522-0110-32-bits.exe

The application windows-movie-maker-2012-16-4-3522-0110-32-bits.exe has been detected as a potentially unwanted program by 17 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from d.likelyaa.com and multiple other hosts.
Version:
0.0.0.0

MD5:
78e0a85f4b55eefe2f57f38f81d36e5d

SHA-1:
de124f4699044bacc6291b61e861c6f1e43a928b

SHA-256:
8136cd2c975cf52973e48b2d0af1617bb51e0b0b3daacf4369a7f73ee98bc989

Scanner detections:
17 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/26/2024 11:42:16 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | | 7.11.201.134 |
| avast! | Win32:Rootkit-gen [Rtk] | 2014.9-151030 |
| AVG | Generic | 2016.0.2940 |
| Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.151030 |
| Comodo Security | Application.Win32.InstallCore.ABQE | 20717 |
| Dr.Web | Trojan.InstallCore.41 | 9.0.1.0303 |
| ESET NOD32 | Win32/InstallCore.UQ (variant) | 9.11018 |
| Fortinet FortiGate | Riskware/InstallCore | 10/30/2015 |
| K7 AntiVirus | Trojan | 13.191.14652 |
| Malwarebytes | PUP.Optional.NoZebra | v2015.10.30.04 |
| McAfee | Artemis!78E0A85F4B55 | 5600.6596 |
| NANO AntiVirus | Trojan.Win32.InstallCore.dlzjfb | 0.30.0.64448 |
| Norman | Troj_Generic.XVWDY | 11.20151030 |
| Sophos | Generic PUA NO | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V1229 | 7.2.303 |
| Trend Micro | TROJ_GE.2C54B110 | 10.465.30 |
| VIPRE Antivirus | Trojan.Win32.Generic | 36678 |

File size:
687.5 KB (704,021 bytes)

Product version:
0.0.0.0

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\windows-movie-maker-2012-16-4-3522-0110-32-bits.exe

File PE Metadata
Compilation timestamp:
10/7/2014 1:40:23 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:fZfzuOWYfvjjux4bZXvLmBTcNl8VpSC5x/Nm3Yw541ponGD4TXJ42QwNC:hfzueju6Z/LmBCl6pSUxIov12A4rlC

Entry address:
0x30E2

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 90, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 1C, 71, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 09, A3, 78, E4, 42, 00, E8, A8, 2D, 00, 00, A3, C4, E3, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, 00, 88, 42, 00, FF, 15, 64, 71, 40, 00, 68, 80, 91, 40, 00, 68, C0, DB, 42, 00, E8, 52, 2A, 00, 00, FF, 15, 20, 71, 40, 00, BD, 00, 40, 43, 00, 50, 55, E8, 40, 2A...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file windows-movie-maker-2012-16-4-3522-0110-32-bits.exe has been seen being distributed by the following 3 URLs.