{56f45345-d13d-417e-b0d1-22a66b2ec313}.exe

The application {56f45345-d13d-417e-b0d1-22a66b2ec313}.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
MD5:
00de5c0ded2c9e5c5defc3c5f65da036

SHA-1:
82fd1ea7b1eaa864fd97b8485fe392f13ad51148

SHA-256:
5dbd62a97e876a1fd924483dc48f51a2dc043230d4daaf2720ebf073592d3144

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/19/2024 5:52:15 AM UTC

Scan engine         Detection                                              Engine version
Agnitum Outpost     PUA.InstallCore                                        7.1.1
AVG                 Clickmein                                              2015.0.3367
Dr.Web              infected with Trojan.Packed.24524                      9.0.1.05190
ESET NOD32          Win32/InstallCore.BY potentially unwanted application  7.0.302.0
Fortinet FortiGate  Riskware/InstallCore                                   8/29/2014
Malwarebytes                                                               v2014.08.29.05
McAfee              Artemis!B083FC1C17AD                                   5600.7023
Rising Antivirus    PE:Trojan.Win32.Generic.16D25936!382884150             23.00.65.14827
Sophos              AnyProtect                                             4.98
Vba32 AntiVirus                                                            3.12.26.3

File size:
531.3 KB (544,027 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\iolo\safetynet\manual\{c0f0135b-7a1b-4551-9da2-af26d7efefbf}\{56f45345-d13d-417e-b0d1-22a66b2ec313}.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
12288:NKAl1aAR15aLqHM1VCISUxVYpQgJEgGdLlwYkMRtvkijWBABmm:NvlR2LkM1YISU7YpfJtGvwovD

Entry point:
50, 4B, 03, 04, 14, 00, 00, 00, 08, 00, 44, 75, 33, 44, C3, 99, 85, 63, 65, 4C, 08, 00, 20, CC, 08, 00, 2A, 00, 00, 00, 7B, 35, 36, 46, 34, 35, 33, 34, 35, 2D, 44, 31, 33, 44, 2D, 34, 31, 37, 45, 2D, 42, 30, 44, 31, 2D, 32, 32, 41, 36, 36, 42, 32, 45, 43, 33, 31, 33, 7D, 2E, 65, 78, 65, CC, BD, 79, 58, 53, D7, 16, 37, 7C, 42, 02, 26, 10, 05, 11, A7, 8A, 8A, 36, B6, CE, F5, 88, B6, 56, D4, 46, 01, 2B, 1A, 14, 45, 40, 9C, 07, B0, 11, 71, 28, 24, 0E, 75, 4A, 1A, B9, 35, 9C, 72, 6B, EF, B5, A3, D5, 62, A7, 6B...

Remove {56f45345-d13d-417e-b0d1-22a66b2ec313}.exe - Powered by Reason Core Security