forex_millionaire_code_downloader.exe

Click run software

The application forex_millionaire_code_downloader.exe by Click run software has been detected as adware by 30 anti-malware scanners. It uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions.
Publisher:
Click run software  (signed and verified)

MD5:
a1f7f521a710ef6f1f4f483cf38150e6

SHA-1:
6c3d0123a762ae7761130a503f8f9d680b14192c

SHA-256:
07a552684424a4c024b114141159648d4f156aa763ef58d70263ccd00b194dcf

Scanner detections:
30 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software, which may include extensions such as DealPly and various toolbars.

Analysis date:
4/18/2024 12:07:17 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.InstallCore.AY | 6209648 |
| Agnitum Outpost | PUA.InstallCore | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.InstallCore | 2014.10.31 |
| Avira AntiVirus | APPL/Downloader.Gen6 | 7.11.168.254 |
| avast! | Win32:InstallCore-CL [PUP] | 2014.9-150401 |
| AVG | Win.Threat.Medium | 2016.0.3152 |
| Bitdefender | Application.InstallCore.AY | 1.0.20.455 |
| Bkav FE | HW32.Laneul | 1.3.0.4959 |
| Clam AntiVirus | Win.Adware.Installcore-135 | 0.98/19305 |
| Comodo Security | Application.Win32.ClickRun.G | 19305 |
| Dr.Web | Adware.MediaFinder.2 | 9.0.1.091 |
| Emsisoft Anti-Malware | Application.InstallCore.AY | 9.0.0.4799 |
| ESET NOD32 | Win32/InstallCore.AF potentially unwanted application | 9.7.0.302.0 |
| F-Prot | W32/InstallCore.V.gen | v6.4.6.5.141 |
| F-Secure | Application.InstallCore.AY | 11.2015-01-04_4 |
| G Data | Application.InstallCore.AY | 15.4.24 |
| K7 AntiVirus | Adware | 13.183.13319 |
| MicroWorld eScan | Application.InstallCore.AY | 16.0.0.273 |
| NANO AntiVirus | Riskware.Win32.MediaFinder.cwflux | 0.28.2.61721 |
| Norman | Application.InstallCore.AY | 03.12.2014 13:20:04 |
| Panda Antivirus | PUP/MultiToolbar.A | 15.04.01.03 |
| Qihoo 360 Security | Malware.QVM20.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.ironSource | 15.4.1.15 |
| Rising Antivirus | PE:Malware.InstallCore!6.93E | 23.00.65.15330 |
| SUPERAntiSpyware | Trojan.Agent/Gen-InstallCore | 9962 |
| Vba32 AntiVirus | BScope.Malware-Cryptor.InstallCore.2691 | 3.12.26.3 |
| VIPRE Antivirus | Threat.4754767 | 32210 |
| Zillya! Antivirus | Trojan.Black.Win32.22679 | 2.0.0.2123 |

File size:
1.1 MB (1,103,848 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\forex_millionaire_code_downloader.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/19/2012 1:00:00 AM

Valid to:
4/20/2013 12:59:59 AM

Subject:
CN=Click run software, O=Click run software, STREET=63 Rotshylid Shderot, L=Tel-Aviv, S=NA, PostalCode=65785, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A243E49C0DAF69F7C5ACF083EB184161

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:ax2pV7/J3yj8TwE7o5akoHhS6FHEBMzLazZ+naolkk1C1Sc0dEhjNgMy:ax21iATrlS6FHEBGLy+naoPDc1E

Entry address:
0xC9A80

Entry point:
55, 8B, EC, 83, C4, F0, B8, 40, 37, 41, 00, E8, 3D, FA, FF, FF, 8C, 11, 40, 00, 08, 00, 00, 00, 00, 00, 00, 00, 04, 12, 40, 00, 98, 11, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 12, 40, 00, 0C, 00, 00, 00, C8, 10, 40, 00, 3C, 37, 40, 00, FC, 5F, 40, 00, 08, 60, 40, 00, 50, 37, 40, 00, 44, 37, 40, 00, 18, 60, 40, 00, A8, 34, 40, 00, E4, 34, 40, 00, 11, 54, 49, 6E, 74, 65, 72, 66, 61, 63, 65, 64, 4F, 62, 6A, 65, 63, 74, 8B, C0, 1C, 12, 40, 00...
 
Entropy:
6.9481

Developed / compiled with:
Microsoft Visual C++

Code size:
818 KB (837,632 bytes)
