» ce47f3ca-ebb1-a8cb-0bb5-0f9555638e68_1d1d2208af7f8e3
Overview
Analysis
File Details
Downloads (1)

ce47f3ca-ebb1-a8cb-0bb5-0f9555638e68_1d1d2208af7f8e3

Program Setup

SecuredDownload

The file ce47f3ca-ebb1-a8cb-0bb5-0f9555638e68_1d1d2208af7f8e3 has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from tmpfile7631.s3.amazonaws.com.

File name:

Publisher:

SecuredDownload

Product:

Program Setup

Version:

1.0.5.a0.1_59214

MD5:

e8f4debf6b374ca4ed60f48945eabac3

SHA-1:

e068cea5700731b220752e4c242c6ba9464852ed

Scanner detections:

1 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

6/2/2024 9:06:10 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore (L)

16.7.16.22

File size:

915.9 KB (937,880 bytes)

Product version:

1.0.5.a0.1_59214

SecuredDownload

Language:

Language Neutral

Common path:

C:\ProgramData\microsoft\microsoft antimalware\scans\filesstash\ce47f3ca-ebb1-a8cb-0bb5-0f9555638e68_1d1d2208af7f8e3

The file ce47f3ca-ebb1-a8cb-0bb5-0f9555638e68_1d1d2208af7f8e3 has been seen being distributed by the following URL.

https://tmpfile7631.s3.amazonaws.com/downloadstart/ic_trackings/29885/.../desktop-calendar.exe

Remove ce47f3ca-ebb1-a8cb-0bb5-0f9555638e68_1d1d2208af7f8e3 - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.