windows.8.codec.pack.v2.0.4.setup.exe

Cole Williams Software Limited

The application windows.8.codec.pack.v2.0.4.setup.exe by Cole Williams Software Limited has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The file has been observed being downloaded from www.programosy.pl and multiple other hosts. While running, it connects to the Internet address 14.d7.24ae.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Windows 8 - Codec Pack  (signed by Cole Williams Software Limited)

Product:
Windows 8 - Codec Pack

Version:
2.0.4.0415

MD5:
774cff220b61c58cdd916765e599f36b

SHA-1:
e87149df3245b4b8d9155cbc7da4b7159a1f982a

SHA-256:
ccd013d9561f3d89d7ae305ce3cc3b7a20989727340b72ecb7a3ab212002909d

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 6:53:51 AM UTC

Scan engine               Detection                                               Engine version
Dr.Web                    Adware.Spigot.67                                        9.0.1.0128
ESET NOD32                Win32/Toolbar.Widgi.N potentially unwanted (variant)    9.11593
Fortinet FortiGate        Riskware/Widgi                                          5/8/2015
K7 AntiVirus              Adware                                                  13.203.15838
McAfee                    Artemis!774CFF220B61                                    5600.6771
Trend Micro House Call    TROJ_GEN.R03EC0OE515                                    7.2.128
Trend Micro               TROJ_GEN.R03EC0OE515                                    10.465.08
VIPRE Antivirus           Trojan.Win32.Generic                                    40038

File size:
24.2 MB (25,409,760 bytes)

Copyright:
© 2015 Cole Williams

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\windows.8.codec.pack.v2.0.4.setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/7/2014 1:00:00 AM

Valid to:
10/7/2017 12:59:59 AM

Subject:
CN=Cole Williams Software Limited, O=Cole Williams Software Limited, STREET=36 HIGH STREET, L=CLEETHORPES, S=North East Lincolnshire, PostalCode=DN35 8JN, C=GB

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7B34F7BF986A7A767AD50C2534671750

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:WckS4+5wAJJFq60nuIyD/LT1db2X+dBvMa5U9eA0GOFKzURqydXpBqkIiZHNVDtr:WtE5J/gBnFaDBdbq+3t5U9S3dvxLzxl

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Entropy:
7.9999

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file windows.8.codec.pack.v2.0.4.setup.exe has been observed being distributed by the following 2 URLs.

The executing file has been observed making the following network communication in live environments.

TCP (HTTP):
Connects to 14.d7.24ae.ip4.static.sl-reverse.com  (174.36.215.20:80)
