home

free anti virus software downloads.exe

ISfreemium

The file is a bundle distribution and utilizes the installCore download manager to distribute this potentially unwanted software. The application free anti virus software downloads.exe by ISfreemium has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the installCore installer. According to Microsoft Security Essentials, the software includes a bundle of the DealPly adware which is installed on a user's PC during setup using the InstallCore platform. The file has been seen being downloaded from 50ftwares.com.
Publisher:
ISfreemium  (signed and verified)

MD5:
050a804aa74ff207b9498d4e859a50c5

SHA-1:
64b34dcdcad301134a335f6ef77de360fc7053c1

SHA-256:
38c07337bbd73f812de34874071283a53bd171d55385770fe8763bde3e8234b3

Scanner detections:
13 / 68

Status:
Adware

Explanation:
This software bundler installs other potentially unwanted software, including DealPly. Which includes offers in a user's web browser which state they are "Powered by DealPly".

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/26/2024 8:47:44 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/InstallCore.Gen7
7.11.105.176

Boost by Reason
Adware.ISfreemium.c
2013.8.9.12

Comodo Security
ApplicUnwnt
17038

Dr.Web
Adware.InstallCore.124
9.0.1.0330

ESET NOD32
Win32/InstallCore.CF (variant)
7.8869

F-Prot
W32/InstallCore.R4.gen
v6.4.7.1.166

Malwarebytes
PUP.Optional.Freemium.A
v2013.11.26.10

McAfee
Artemis!050A804AA74F
5600.7270

Microsoft Security Essentials
SoftwareBundler:Win32/DealPly
1.163.1557.0

Panda Antivirus
Suspicious file
13.11.26.10

Reason Heuristics
PUP.ISfreemium.c
14.8.7.18

Trend Micro House Call
TROJ_GEN.F47V0813
7.2.330

VIPRE Antivirus
InstallCore
22042

File size:
614.3 KB (629,088 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\free anti virus software downloads.exe

Digital Signature
Signed by:
ISfreemium

Authority:
COMODO CA Limited

Valid from:
7/2/2013 5:00:00 PM

Valid to:
7/3/2014 4:59:59 PM

Subject:
CN=ISfreemium, O=ISfreemium, STREET=63 Rothschild 63 BV, L=Tel-Aviv, S=N/A, PostalCode=65785, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009B517CAF08AA1A85822DB0CE5E9169FE

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:jkOyMJfsGyGqtoY368Q5w2QGcKStYSgsbhFSZIrJfP1PXWLqM:IOyMJfsZGqt6fQGcSq8YfP1PXYn

Entry address:
0x98CC

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8...
 
[+]

Entropy:
7.7758

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)

The file free anti virus software downloads.exe has been seen being distributed by the following URL.

http://50ftwares.com/.../28021

Remove free anti virus software downloads.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.