» font_installer.exe
Overview
Analysis
File Details
Downloads (1)

font_installer.exe

The application font_installer.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from download.fontfiles.net.

File name:

font_installer.exe

MD5:

bbfe8e4bf08a49fa5f9363a08c17405b

SHA-1:

bf8c3d31868f6d267de88b734e7fa722a88a9567

SHA-256:

dc7b77c6e71a327c0d3af7c0aa37c58f637f505850aa95a75c09863335d181bb

Scanner detections:

15 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

4/19/2024 10:29:49 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.InstallCore

7.1.1

Avira AntiVirus

PUA/InstallCore.Gen7

8.3.2.4

AVG

Adware BundleApp.LXU

2015.0.4460

Dr.Web

Adware.InstallCore.133

9.0.1.05190

ESET NOD32

Win32/InstallCore.DJ potentially unwanted application

7.0.302.0

F-Prot

W32/A-dbe1ec51

v6.4.7.1.166

IKARUS anti.virus

Win32.SuspectCrc

t3scan.1.9.5.0

K7 AntiVirus

Unwanted-Program

13.212.18026

Malwarebytes

PUP.Optional.InstallCore

v2015.12.02.02

NANO AntiVirus

Riskware.Win32.InstallCore.dghhve

0.30.26.4751

Qihoo 360 Security

HEUR/QVM20.1.Malware.Gen

1.0.0.1077

Sophos

PUA 'Install Core'

5.15

Total Defense

Win32/InstallCore.A!generic

37.1.62.1

Vba32 AntiVirus

Downware.InstallCore

3.12.26.4

VIPRE Antivirus

Threat.4150696

45552

File size:

624.5 KB (639,496 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Common path:

C:\Documents and Settings\{user}\My documents\downloads\font_installer.exe

File PE Metadata

Compilation timestamp:

6/19/1992 5:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:4oMJfsGN9wy8sxzin+yAcJJgq0ydbkA5Ew4LlKVJaEdjQB0dL9X+upd:fMJfsAGy8uin+DcJW7yJQlGwF0t9X

Entry address:

0x98CC

Entry point:

55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8... 
[+]

Entropy:

7.8267

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

36 KB (36,864 bytes)

The file font_installer.exe has been seen being distributed by the following URL.

http://download.fontfiles.net/cid/809722571.1380979673/download/fontfiles.net/.../Font_Installer.exe

Remove font_installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.