appcolor.exe

The application appcolor.exe has been detected as a potentially unwanted program by 36 anti-malware scanners. It is a setup program used to install the application. The file has been observed being downloaded from facecores.com.

Version:
1.0.0.0

MD5:
74a973cb233ccef7c252cc06e466ad68

SHA-1:
e8ddd92fb8ca3030daf983cb952d9ad68909864e

SHA-256:
455226c6a4f80620edb343c20e2106fc8ec288fe62873a6e887f5494d779e4e3

Scanner detections:
36 / 68

Status:
Potentially unwanted

Analysis date:
3/20/2014 10:16:35 PM UTC  (ten months ago)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.1608312 | 1051 |
| Agnitum Outpost | PUA.PimpMyWindow | 7.1.1 |
| Avira AntiVirus | Adware/PimpMyWindow.j | 7.11.151.112 |
| Antiy Labs AVL | GrayWare[AdWare:not-a-virus]/Win32.PimpMyWindow | 0.1.0.1 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-140320 |
| AVG | Generic5 | 2016.0.3228 |
| Baidu Antivirus | PUA.Win32.Agent | 4.0.3.14320 |
| Bitdefender | Trojan.GenericKD.1608312 | 1.0.20.395 |
| Dr.Web | Trojan.DownLoader11.3915 | 9.0.1.016 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1608312 | 8.14.03.20.06 |
| ESET NOD32 | Win32/CoresParaSite | 9.9848 |
| Fortinet FortiGate | Adware/PimpMyWindow | 1/16/2015 |
| F-Secure | Trojan.GenericKD.1608312 | 11.2014-20-03_5 |
| G Data | Trojan.GenericKD.1608312 | 14.3.24 |
| IKARUS anti.virus | not-a-virus:AdWare.Win32.PimpMyWindow | t3scan.1.6.1.0 |
| Jiangmin | AdWare/PimpMyWindow.d | KV150116 |
| K7 AntiVirus | Riskware | 13.178.12184 |
| K7 Gateway Antivirus | Riskware | 13.178.12184 |
| Kaspersky | not-a-virus:AdWare.Win32.PimpMyWindow | 14.0.0.2633 |
| Kingsoft AntiVirus | Win32.Troj.GenericKD.v.(kcloud) | 331020.49267 |
| Malwarebytes | Adware.PimpMyWindow | v2015.01.16.09 |
| McAfee | Artemis!74A973CB233C | 5600.7185 |
| McAfee Web Gateway | Artemis!74A973CB233C | 7.7185 |
| MicroWorld eScan | Trojan.GenericKD.1608312 | 15.0.0.237 |
| NANO AntiVirus | Riskware.Win32.PimpMyWindow.cxhksa | 0.28.0.59921 |
| nProtect | Trojan.GenericKD.1608312 | 14.03.20.02 |
| Panda Antivirus | Trj/OCJ.D | 15.01.16.09 |
| Qihoo 360 Security | Win32/Trojan.Multi.daf | 1.0.0.1015 |
| Quick Heal | AdWare.PimpMyWindow.g3 (Not a Virus) | 1.15.14.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.1.16.9 |
| Sophos | Generic PUA HN | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0318 | 7.2.79 |
| Trend Micro | ADW_ADPLUG | 10.465.16 |
| Vba32 AntiVirus | AdWare.PimpMyWindow | 3.12.26.0 |
| VIPRE Antivirus | Adware.Win32.PimpMyWindow | 29618 |
| Zillya! Antivirus | Adware.PimpMyWindow.Win32.2 | 2.0.0.1800 |

File size:
1.2 MB (1,306,624 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\user\downloads\appcolor.exe

File PE Metadata
Compilation timestamp:
3/16/2014 11:57:49 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:ky30DExqbAE7MALaLC/DqQrUCqbnPh75xqR8+oeRyUlbfHfSe8mjKoNzWRCm:kyVsbAxLCDGCmJ7q8+rRyUlDfZNjKoNq

Entry address:
0x303D40

Entry point:
60, BE, 00, B0, 5C, 00, 8D, BE, 00, 60, E3, FF, C7, 87, 0C, CC, 1F, 00, 45, 5F, 92, A9, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
1.2 MB (1,282,048 bytes)

The file appcolor.exe has been seen being distributed by the following URL.

There are 3 known code variations that share the same compilation structure.

34 / 68    (PUP)
appcolor.exe  1.0.0.0  (7d03a5dc8a1e4d5c63514a4233f505ef35f307ab)

35 / 68    (PUP)
appcolor.exe  1.0.0.0  (46073598ba86b0fef2ad349590a96a001315c20a)

34 / 68    (PUP)
appcolor.exe  1.0.0.0  (543748fb846c921c10ac59eefbf18e30868b1ff6)
