home

dnld.installcore.com

Privacy Protection Service INC d/b/a PrivacyProtect.org  (Proxy Registrant)

Domain Information

The domain dnld.installcore.com is registered by proxy through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM and was originally registered in October of 2010. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dublin, Dublin City within Ireland which resides on the RIPE Network Coordination Centre network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrar:
PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM

Server location:
Dublin City, Ireland (IE)

Create date:
Wednesday, October 13, 2010

Expires date:
Tuesday, October 13, 2015

Updated date:
Monday, September 29, 2014

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.

Root domain:
installcore.com

Whois:
2 installcore.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Rising Antivirus
Trojan.Win32.Generic.12E3D637, PE:Malware.XPACK-LNR/Heur!1.5594
100.00%

Panda Antivirus
PUP/MultiToolbar.A, Adware/MultiToolbar
100.00%

Comodo Security
UnclassifiedMalware, Application.Win32.ClickRun.A
100.00%

VIPRE Antivirus
Click run software
100.00%

Sophos
Install Core Click run software
100.00%

Vba32 AntiVirus
BScope.Malware-Cryptor.InstallCore.2691, BScope.Malware-Cryptor.InstallCore.gen
100.00%

ESET NOD32
Win32/InstallCore.AF (variant), Win32/InstallCore.AJ (variant), Win32/InstallCore.AF potentially unwanted (variant)
100.00%

G Data
Win32.Application.Agent.LZ3LNO, Adware.Generic.268794
100.00%

Fortinet FortiGate
Riskware/InstallCore, Adware/Fam.NB
100.00%

AVG
InstallCore, MalSign.InstallCore
100.00%

McAfee
Artemis!3BA57C5ED0F2, Artemis!B74690FA62ED, Artemis!E0EF30CA73F3
100.00%

K7 AntiVirus
Unwanted-Program, Unwanted-Program
100.00%

Dr.Web
Adware.MediaFinder.2, Adware.InstallCore.53
100.00%

Reason Heuristics
Threat.Win.Reputation.IMP, PUP.Installer.Clickrunsoftware.T, PUP.Installer.Clickrunsoftware.x, Threat.ironSource.Clickrunsoftware
100.00%

F-Prot
W32/InstallCore.V2.gen
75.00%

The domain dnld.installcore.com has been seen to resolve to the following 5 IP addresses.

54.231.0.153
s3-1-w.amazonaws.com
May 6, 2015

54.231.12.233
s3-1-w.amazonaws.com
December 1, 2014

54.231.11.1
s3-1-w.amazonaws.com
September 9, 2014

54.231.10.153
s3-1-w.amazonaws.com
September 2, 2014

176.32.97.193
s3-1-w.amazonaws.com
April 11, 2014

File downloads found at URLs served by dnld.installcore.com.

47 / 68    (Adware)
http://dnld.installcore.com/cust/.../Baixaki_Downloader_v1.0.1.1804_AresGalaxy.exe  (e0ef30ca73f3abb96cc139d845b2632d)

9 / 68      (Adware)
http://dnld.installcore.com/cust/.../PDF_2012Setup_v1.0.1.1.exe  (66c9378da73f75a4249a018ac49d8c5b)

20 / 68    (Adware)
http://dnld.installcore.com/cust/.../Free_Download_ManagerSetup_v1.0.1.1573_release.exe  (icreinstall_free_download_managersetup_v1.0.1.1573_release.exe)

18 / 68    (PUP)
http://dnld.installcore.com/cust/.../Baixaki_Downloader_v1.0.1.1804_uTorrent.exe  (3ba57c5ed0f2dddb3510423fc501e5f5)

The following 8 files have been seen to comunicate with dnld.installcore.com in live environments.

TCP » 176.32.97.193:80
imf.exe (IObit Malware Fighter by IObit)

TCP » 176.32.97.193:80
imf.exe (IObit Malware Fighter by IObit)

TCP » 176.32.97.193:80
imf.exe (IObit Malware Fighter by IObit)

TCP » 176.32.97.193:80
imf.exe (IObit Malware Fighter by IObit)

TCP » 54.231.0.153:80
new_chrome.exe (Google Chrome by Google)

TCP » 54.231.10.153:80
java_runtime_enviroment_setup.exe (Web by Internet Prog)

TCP » 54.231.10.153:80
adobe_flash_setup.exe (Web by Software)

TCP » 54.231.11.1:80
imf.exe (IObit Malware Fighter by IObit)

URL:
http://dnld.installcore.com/

Network:
Amazon Web Services (AWS)

Web server:
AmazonS3

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.