» full version and crack.exe
Overview
Analysis
File Details
Downloads (1)
Network (1)

full version and crack.exe

Ivan Kostin

This program bundles adware during the download and install process using the InstaleRex pay-per-install app monetizer. The application full version and crack.exe, “Installer for WinterSoft” by Ivan Kostin has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the WebPick InstalleRex (Tarma) installer. The file has been seen being downloaded from greatfilesarey.asia. While running, it connects to the Internet address r1.stylezip.info on port 80 using the HTTP protocol.

File name:

Publisher:

WinterSoft (signed by Ivan Kostin)

Product:

WinterSoft

Description:

Installer for WinterSoft

Version:

2013.10.31.1157

MD5:

763d1fcd0a6b95dbe2a6755bca55619b

SHA-1:

4760f355f3a0a410b8c8b05644ad22d5f6d9280f

SHA-256:

ee0a24cee1e2f05b52ff436fa97bf8f038b841ab2899dbbef8d707de70a003b2

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Uses Web-Pick's 'File Product', an Installer which wraps various products and downloads and installs it silently through the process, hosted on TusFiles.

Analysis date:

4/19/2024 5:39:34 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware (M)

16.7.26.5

File size:

304.3 KB (311,552 bytes)

Product version:

1.0.0.1

Original file name:

TSULoader.exe

File type:

Executable application (Win32 EXE)

Installer:

WebPick InstalleRex (Tarma)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\full version and crack.exe

Digital Signature

Signed by:

Ivan Kostin

Authority:

COMODO CA Limited

Valid from:

8/25/2013 7:00:00 AM

Valid to:

8/26/2014 6:59:59 AM

Subject:

CN=Ivan Kostin, O=Ivan Kostin, STREET=Pobedy 33/1, L=Kyiv, S=Kyiv, PostalCode=03170, C=UA

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00EB11D24CE6DDBBF752FE4DC3D683D2BF

File PE Metadata

Compilation timestamp:

3/12/2013 3:51:45 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

6144:yrkw6Y0JQBkQRl7174NpNUM+UHs+tPvpqvpQAy+L9hMk+W60z4RRWg:yrkw63yRl1uqM+gs+tPvEpPy+rMzug

Entry address:

0x14DB

Entry point:

55, 8B, EC, 81, EC, 2C, 06, 00, 00, 53, 56, 33, DB, 57, 66, 89, 9D, DC, FB, FF, FF, 89, 5D, F4, 89, 5D, FC, FF, 15, 74, 30, 40, 00, A3, 08, 44, 40, 00, FF, 15, 70, 30, 40, 00, 8B, F8, 8D, 45, EC, 50, FF, 15, 6C, 30, 40, 00, FF, 15, 68, 30, 40, 00, 8B, F0, F7, D6, 33, F7, FF, 15, 64, 30, 40, 00, 33, F0, 8B, 45, F0, 33, 45, EC, 68, 04, 01, 00, 00, 33, F0, 8D, 85, D4, F9, FF, FF, 50, 53, FF, 15, 60, 30, 40, 00, 85, C0, 75, 41, FF, 15, 5C, 30, 40, 00, 83, F8, 78, 75, 1A, 68, A8, 32, 40, 00, E8, 43, FB, FF, FF... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

7.5 KB (7,680 bytes)

The file full version and crack.exe has been seen being distributed by the following URL.

http://greatfilesarey.asia/.../?installer_file_name=Full Version And Crack&product_name=Full Version And Crack

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to r1.stylezip.info (54.186.255.26:80)

Remove full version and crack.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.