» {5b45c778-c3fe-4e9e-ad3c-c2c5bffea690}.exe
Overview
Analysis
File Details

{5b45c778-c3fe-4e9e-ad3c-c2c5bffea690}.exe

The application {5b45c778-c3fe-4e9e-ad3c-c2c5bffea690}.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.

File name:

MD5:

68e8976dc84743811e5a60414cbd6212

SHA-1:

963f7d272455d8f35b7f1a7bd0c7a72cb533f2e4

SHA-256:

7fc115c3e5af1248bda4199c2abb4b7c300ce678fc027c42ab22dd3a17b82e80

Scanner detections:

14 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

4/25/2024 9:13:51 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Agent.578896.5

7.11.169.248

AVG

Clickmein

2015.0.3367

Baidu Antivirus

Adware.Win32.InstallCore

4.0.3.14829

Dr.Web

infected with Trojan.Packed.24524

9.0.1.05190

ESET NOD32

Win32/InstallCore.BY potentially unwanted application

7.0.302.0

Fortinet FortiGate

Riskware/InstallCore

8/29/2014

K7 AntiVirus

Trojan

13.183.13198

McAfee

RDN/Generic PUP.x!c2s

5600.7023

Qihoo 360 Security

HEUR/Malware.QVM20.Gen

1.0.0.1015

Rising Antivirus

PE:Malware.XPACK-LNR/Heur!1.5594

23.00.65.14827

Sophos

AnyProtect

4.98

Trend Micro House Call

TROJ_FAKEAV.BMC

7.2.241

Trend Micro

TROJ_FAKEAV.BMC

10.465.29

Vba32 AntiVirus

Downware.InstallCore

3.12.26.3

File size:

532.6 KB (545,430 bytes)

File type:

Executable application (Win64 EXE)

Common path:

C:\Documents and Settings\{user}\Application data\iolo\safetynet\manual\{e94d9750-8c9a-4b38-8ff5-4fd6ee69aced}\{5b45c778-c3fe-4e9e-ad3c-c2c5bffea690}.exe

File PE Metadata

OS bitness:

Win64

CTPH (ssdeep):

12288:YqGWEMDh7v+8Xv2LqAOkLQXl7VOte8jeGe/XBXT+xsL2lB0TNpldddV:SWv7v+inBOEMe/XtaDB0TTF

Entry point:

50, 4B, 03, 04, 14, 00, 00, 00, 08, 00, C7, 75, 2C, 44, 5B, 6C, 2C, 8B, E0, 51, 08, 00, 50, D5, 08, 00, 2A, 00, 00, 00, 7B, 35, 42, 34, 35, 43, 37, 37, 38, 2D, 43, 33, 46, 45, 2D, 34, 45, 39, 45, 2D, 41, 44, 33, 43, 2D, 43, 32, 43, 35, 42, 46, 46, 45, 41, 36, 39, 30, 7D, 2E, 65, 78, 65, CC, BD, 79, 5C, 13, 57, 17, 37, 3E, 21, 01, 02, 44, 41, C5, B5, 2E, D4, 46, AB, 22, CA, 88, B6, 0A, D8, 62, 00, 17, 5C, 40, 11, 14, 15, B7, 82, C6, 0D, 2C, 24, DA, 56, D1, A4, 91, 96, 61, A4, B5, CF, D3, ED, D1, B6, 4A, 6B... 
[+]

Remove {5b45c778-c3fe-4e9e-ad3c-c2c5bffea690}.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.