» fbf-tactics.pdf_downloader.exe
Overview
Analysis
File Details

fbf-tactics.pdf_downloader.exe

The application fbf-tactics.pdf_downloader.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.

File name:

MD5:

0b2e86390316959ac29c4850a4e6b46c

SHA-1:

23ce44f4d24e762690ee7849660cf60cd696ccd7

SHA-256:

32c956fe92490f949cec81dbfb468a6fa2847fbd58ba24c5834c0e4bb0fc9a71

Scanner detections:

20 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

4/25/2024 6:11:56 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.InstallCore

7.1.1

Avira AntiVirus

APPL/Downloader.Gen6

7.11.180.122

AVG

Adware InstallCore.S

2014.0.4040

Bkav FE

W32.HfsAutoA

1.3.0.4959

Clam AntiVirus

W32.Adware.InstallCore-1

0.98/21411

Comodo Security

Application.Win32.ClickRun.A

19871

Dr.Web

Adware.InstallCore.43

9.0.1.05190

ESET NOD32

Win32/InstallCore.T potentially unwanted application

7.0.302.0

F-Prot

W32/InstallCore.C.gen

4.6.5.141

K7 AntiVirus

Unwanted-Program

13.184.13741

NANO AntiVirus

Riskware.Win32.InstallCore.vfozy

0.28.2.62841

nProtect

Trojan/W32.Agent.1056016

14.10.21.01

Panda Antivirus

PUP/MultiToolbar.A

14.11.02.02

Reason Heuristics

Threat.Win.Reputation.IMP

14.11.2.14

Rising Antivirus

PE:Malware.XPACK-LNR/Heur!1.5594

23.00.65.141020

Sophos

Install Core Click run software

4.98

SUPERAntiSpyware

Adware.InstallCore

10284

Total Defense

Win32/InstallCore!Adware

37.0.11242

Trend Micro House Call

HV_INSTALLCORE_CA2237DE.TOMC

7.2.295

VIPRE Antivirus

Threat.4754767

33706

File size:

1 MB (1,056,016 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\fbf-tactics.pdf_downloader.exe

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:oi7O7HmuPfGm5WWHLHnbSAgtobd1JY4R3ia/2wBeASsDdbupZimMNA/oAVkjIEsT:oKbm5WWHfCy1J/srooswNMtIAo7oS

Entry address:

0xC178B

Entry point:

55, 8B, EC, 83, C4, F0, B8, 55, 8D, 48, 00, E8, 7B, EA, FF, FF, 66, 61, 63, 65, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, C0, 00, 00, 00, 00, 00, 00, 46, 06, 53, 79, 73, 74, 65, 6D, 03, 00, FF, FF, CC, 83, 44, 24, 04, F8, E9, 89, 4E, 00, 00, 83, 44, 24, 04, F8, E9, A7, 4E, 00, 00, 83, 44, 24, 04, F8, E9, B1, 4E, 00, 00, CC, 7D, 11, 40, 00, 87, 11, 40, 00, 91, 11, 40, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, C0, 00, 00, 00, 00, 00, 00, 46, 9C, 11, 40, 00, 08, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

787 KB (805,888 bytes)

Remove fbf-tactics.pdf_downloader.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.