» {ab0af254-7f7a-4d7b-ac13-75adcbf63200}
Overview
Analysis
File Details

{ab0af254-7f7a-4d7b-ac13-75adcbf63200}

The file {ab0af254-7f7a-4d7b-ac13-75adcbf63200} has been detected as a potentially unwanted program by 14 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.

File name:

MD5:

e504ad358ab8ed00a1f87b0569c4a30e

SHA-1:

143f36456fb41262f770bf6c67cb9a1bd673f446

SHA-256:

75dea6b28c68b84de554bfcec1c306bdcdecf564833dbef70f20f245c86562df

Scanner detections:

14 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

5/3/2024 4:23:36 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

APPL/Downloader.Gen6

7.11.98.72

Bitdefender

Application.InstallCore.BL

1.0.20.265

Comodo Security

UnclassifiedMalware

16830

Dr.Web

Adware.MediaFinder.2

9.0.1.053

ESET NOD32

Win32/InstallCore.AL (variant)

9.8731

F-Secure

Application.InstallCore.BL

11.2015-22-02_1

G Data

Application.InstallCore.BL

15.2.22

McAfee

Artemis!E504AD358AB8

5600.6847

MicroWorld eScan

Application.InstallCore.BL

16.0.0.159

Reason Heuristics

Threat.Win.Reputation.IMP

15.2.22.8

Sophos

Install Core Click run software

4.91

Trend Micro House Call

TROJ_GEN.RCBZ1JT

7.2.53

Trend Micro

TROJ_GEN.RCBZ1JT

10.465.22

VIPRE Antivirus

Click run software

20918

File size:

1 MB (1,061,352 bytes)

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:ZuTLM8ltPR3e5KljbsfPbDd/UyMoJKRB3TrnMJvoSpY0JDDcLGLKIQ0EXt:GY8ltPRznsfPvd/UboJKRVDS7KLt04

Entry address:

0xC60A0

Entry point:

55, 8B, EC, 83, C4, F0, B8, 2C, 3E, 41, 00, E8, 2E, FA, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

812 KB (831,488 bytes)

Remove {ab0af254-7f7a-4d7b-ac13-75adcbf63200} - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.