home

alcor micro usb 2.0 card reader.exe

Alexey Kurilenko

This is a WebPick installer that bundles (with very minimal user consent) a number of adware browser extensions which inject ads in the browser. The application alcor micro usb 2.0 card reader.exe, “Installer for Excellent4App” by Alexey Kurilenko has been detected as adware by 25 anti-malware scanners. The program is a setup application that uses the WebPick InstalleRex (Tarma) installer. The setup program uses Web-Pick's InstalleRex download manager and installer to bundle potentially unwanted ad-supported software which includes toolbars and browser extensions through a pay-per-install monetization scheme.
Publisher:
Excellent4App  (signed by Alexey Kurilenko)

Product:
Excellent4App

Description:
Installer for Excellent4App

Version:
2014.5.18.1727

MD5:
788446148f6793b33f7e964021f4d3a5

SHA-1:
e87e4085dba3ec85c7713bb54d283c89609116ce

SHA-256:
0f667b91464ea1e9e1cce45ac76a9fb3a13184b043e2b1a94ac7d3fa8658aaff

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Uses the InstalleRex from WebPick Internet Holdings to install bundled add-ons including toolbars and other web browser extensions.

Analysis date:
4/23/2024 6:18:38 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Trojan.AntiFW
7.1.1

AhnLab V3 Security
PUP/Win32.TSULoader
2014.07.23

Avira AntiVirus
Adware/InstallRex.HI
7.11.163.108

avast!
Win32:InstalleRex-AZ [PUP]
140617-1

Bkav FE
HW32.CDB
1.3.0.4959

Clam AntiVirus
Win.Trojan.Antifw-9
0.98/19168

Comodo Security
Application.Win32.InstalleRex.KG
18936

Dr.Web
Trojan.WebPick.2533
9.0.1.05190

ESET NOD32
Win32/InstalleRex.M potentially unwanted application
7.0.302.0

G Data
Win32.Application.InstalleRex
14.7.24

IKARUS anti.virus
PUP.InstallRex
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.181.12806

Kaspersky
Trojan.Win32.AntiFW
15.0.0.494

Malwarebytes
PUP.Optional.Excellent4App
v2014.07.22.05

McAfee
PUP-FHQ
5600.7061

NANO AntiVirus
Riskware.Win32.InfoLeak.cvgqot
0.28.2.60990

nProtect
Trojan/W32.AntiFW.323696
14.07.22.01

Panda Antivirus
PUP/TSUploader
14.07.22.05

Qihoo 360 Security
Malware.QVM20.Gen
1.0.0.1015

Quick Heal
Trojan.AntiFW.A5
7.14.14.00

Reason Heuristics
Adware.WebPick.Installer.EE
14.8.15.15

Rising Antivirus
PE:Trojan.AntiFW!6.1979
23.00.65.14720

Sophos
InstallRex
4.98

Vba32 AntiVirus
Downware.TSU
3.12.26.3

VIPRE Antivirus
Threat.4150696
31208

File size:
316.1 KB (323,696 bytes)

Product version:
1.0.0.3

Copyright:
Copyright © 2014 Excellent4App

Original file name:
TSULoader.exe

File type:
Executable application (Win32 EXE)

Installer:
WebPick InstalleRex (Tarma)

Common path:
C:\users\{user}\downloads\alcor micro usb 2.0 card reader.exe

Digital Signature
Signed by:
Alexey Kurilenko

Authority:
COMODO CA Limited

Valid from:
7/19/2013 2:00:00 AM

Valid to:
7/20/2014 1:59:59 AM

Subject:
CN=Alexey Kurilenko, O=Alexey Kurilenko, STREET="Str. Sums'ka, 28", L=Kharkiv, S=Kharkivska, PostalCode=61057, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EC26735E2AD490D07645FA7A606FA1EE

File PE Metadata
Compilation timestamp:
3/12/2013 9:51:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:nr4bUzkuvcBYC47l2x9bpAJiqS1JDoU0/JleWvJ6AbJbkvIxBu4Ti3iQT:nr9kuveY3ImYZ15oU0/HtbJbkgXJGyQT

Entry address:
0x14DB

Entry point:
55, 8B, EC, 81, EC, 2C, 06, 00, 00, 53, 56, 33, DB, 57, 66, 89, 9D, DC, FB, FF, FF, 89, 5D, F4, 89, 5D, FC, FF, 15, 74, 30, 40, 00, A3, 08, 44, 40, 00, FF, 15, 70, 30, 40, 00, 8B, F8, 8D, 45, EC, 50, FF, 15, 6C, 30, 40, 00, FF, 15, 68, 30, 40, 00, 8B, F0, F7, D6, 33, F7, FF, 15, 64, 30, 40, 00, 33, F0, 8B, 45, F0, 33, 45, EC, 68, 04, 01, 00, 00, 33, F0, 8D, 85, D4, F9, FF, FF, 50, 53, FF, 15, 60, 30, 40, 00, 85, C0, 75, 41, FF, 15, 5C, 30, 40, 00, 83, F8, 78, 75, 1A, 68, A8, 32, 40, 00, E8, 43, FB, FF, FF...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to r1.stylezip.info  (54.186.255.26:80)

Remove alcor micro usb 2.0 card reader.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.