cce3dc1ca28a2a9495eca539614a30ce.exe

Free Software LLC

The application cce3dc1ca28a2a9495eca539614a30ce.exe by Free Software has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the installCore download manager, which may bundle additional offers for various ad-supported toolbars, browser extensions and utilities. The file has been seen being downloaded from daemon-tools.descargar.es.
Publisher:
Free Software LLC  (signed and verified)

MD5:
cce3dc1ca28a2a9495eca539614a30ce

SHA-1:
85d85410f85b7871b3915aef7b9c53d9b8964b96

SHA-256:
0e00c62872e81f332c4452a6efb281f626cdc87f844aa9db4bb908b4f9b7a87e

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/4/2024 10:22:56 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.InstallCore | 7.1.1 |
| AVG | Generic | 2015.0.3383 |
| Dr.Web | infected with Trojan.Packed.28459 | 9.0.1.0300 |
| ESET NOD32 | Win32/InstallCore.PU potentially unwanted application | 8.7.0.302.0 |
| F-Prot | W32/InstallCore.AC.gen | v6.4.7.1.166 |
| herdProtect (fuzzy) | | 2014.10.28.1 |
| Malwarebytes | | v2014.08.14.12 |
| McAfee | Adware-DomaIQ | 5600.7039 |
| Reason Heuristics | PUP.FreeSoftware.a | 14.8.13.22 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Threat.4783262 | 32210 |

File size:
885.1 KB (906,360 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\cce3dc1ca28a2a9495eca539614a30ce.exe

Digital Signature
Authority:
Starfield Technologies, Inc.

Valid from:
8/1/2014 3:08:01 AM

Valid to:
7/22/2015 4:23:49 AM

Subject:
CN=Free Software LLC, O=Free Software LLC, L=Wilmington, S=Delaware, C=US

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27DD6AADCC34E6

File PE Metadata
Compilation timestamp:
12/5/2009 2:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:pLyqnXpVEJ6vLN8fzx4T44XXR4XD51+/WNJTvW:lyqnPrezEdX2XD5gkVW

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9897

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file cce3dc1ca28a2a9495eca539614a30ce.exe has been seen being distributed by the following URL.
