divxforwindows.exe

Installer

OpenInstall, Inc.

The application divxforwindows.exe by OpenInstall has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
OpenInstall (signed by OpenInstall, Inc.)

Product:
Installer

Version:
1,18,0,2771

MD5:
b48f81e369405f7d81e08d49c5582f37

SHA-1:
af24c2969f866f508d1e67f60f09e50c48f9b48d

SHA-256:
798cf17b6f23c25ef65067984818bd558fe0946ddad890121f3a3dcb3279aa24

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Includes Open Install, an installer which bundles legitimate programs with offers for additional third-party applications that may be unwanted by the user.

Analysis date:
4/19/2024 10:36:08 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.OpenInstall.Installer (M)

Engine version:
16.2.1.5

File size:
358.1 KB (366,704 bytes)

Product version:
1,18,0,2771

Copyright:
Copyright © 2012

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\divxforwindows.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
11/20/2011 4:00:00 PM

Valid to:
1/24/2013 4:00:00 AM

Subject:
CN="OpenInstall, Inc.", O="OpenInstall, Inc.", L=San Francisco, S=California, C=US

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
07AE9941492080181D2477353500DE05

File PE Metadata
Compilation timestamp:
7/27/2012 5:32:03 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:OVsCNZZi8bDZwxj20RnV6uYcl2mUCtUxjNStsDs9CQRzgEi:OVsCNLiGZ2jlV6uBUxhStsDlQRc

Entry address:
0x1000


Entropy:
7.4892

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)
