{05b6ca66-ca7b-4e5f-9fb8-02a4838f6cce}.exe

The application {05b6ca66-ca7b-4e5f-9fb8-02a4838f6cce}.exe has been detected as a potentially unwanted program by 9 anti-malware scanners. It uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions.
MD5:
5bcc28c09ee977c333a14fdf6dcc5765

SHA-1:
880e2b2ecd2be7e75666f1f0be013aabfebbbd6d

SHA-256:
dde56dbd1554dcc7c944713dac117a27d9952e5a15b7f97d9159b763db04ac13

Scanner detections:
9 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software, which may include extensions such as DealPly and various toolbars.

Analysis date:
4/26/2024 4:45:11 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Trojan.Injected | 7.1.1
Avira AntiVirus |  | 7.11.169.248
Dr.Web | infected with Trojan.Packed.24524 | 9.0.1.05190
ESET NOD32 | Win32/InstallCore.IT potentially unwanted application | 7.0.302.0
G Data | Win32.Application.InstallCore | 14.8.24
Malwarebytes | PUP.Optional.Jumpyapps | v2014.08.29.05
Vba32 AntiVirus |  | 3.12.26.3
VIPRE Antivirus | InstallCore | 32658

File size:
618.1 KB (632,932 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\iolo\safetynet\manual\{623825f0-a3e8-4a85-8e4a-436d89e425e1}\{05b6ca66-ca7b-4e5f-9fb8-02a4838f6cce}.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
12288:X3tUXXb+zzkSa150I/87AOFYJbquL2HWfyYoPo5Pp32GWOkeWxeIy/vz:tIGzxa150I/sYoZHWf/2oX32GWOkTKz

Entry point:
50, 4B, 03, 04, 14, 00, 00, 00, 08, 00, 31, 8C, 34, 44, 0B, 93, F6, 0F, AE, A7, 09, 00, 30, 65, 0A, 00, 2A, 00, 00, 00, 7B, 30, 35, 42, 36, 43, 41, 36, 36, 2D, 43, 41, 37, 42, 2D, 34, 45, 35, 46, 2D, 39, 46, 42, 38, 2D, 30, 32, 41, 34, 38, 33, 38, 46, 36, 43, 43, 45, 7D, 2E, 65, 78, 65, CC, BD, 7B, 5C, 54, E5, 16, 37, BE, E7, 02, 0C, 30, 3A, A8, 78, BF, 51, 8E, 26, 2A, C6, 88, 9E, 54, B0, 46, 61, 14, 4D, 74, 64, 44, 10, EF, 09, 84, 8A, 97, 60, 8F, 5A, 89, CE, 34, 72, 72, B3, E3, 64, 65, 9D, CE, C9, 3A, 99...
 