» hair-stylist.exe
Overview
Analysis
File Details
Downloads (1)

hair-stylist.exe

The application hair-stylist.exe has been detected as a potentially unwanted program by 8 anti-malware scanners. This is a setup program which is used to install the application. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from installerlaunch-gn2.com.

File name:

hair-stylist.exe

MD5:

d4dafebb2ecf842bf56bbe941ddca300

SHA-1:

f8ae24fa40bccd2441443fc29d72f112dc7cfbae

SHA-256:

b9d5c82475c3db9d4e78642ef36ad9bbf790d5864d4fe471dc6acc2d8aebf829

Scanner detections:

8 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

4/26/2024 8:53:26 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:InstallCore-GD [PUP]

151217-3

AVG

Adware InstallCore.AAD

2015.0.4477

Dr.Web

Adware.InstallCore.21

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Zusy.127583

10.0.0.5366

ESET NOD32

Win32/InstallCore.BH potentially unwanted application

7.0.302.0

F-Secure

Gen:Variant.Zusy.127583

5.15.21

Sophos

PUA 'Install Core'

5.22

VIPRE Antivirus

Threat.4835495

45918

File size:

617.6 KB (632,440 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\hair-stylist.exe

File PE Metadata

Compilation timestamp:

6/19/1992 5:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:yc5fO4vJSbZNnN9wPax9nobWTCqZ11f1WsA5Ht10bNYy7ozhk:yc9lveZNnNqPax9nUq31tWlRb0bNYyOG

Entry address:

0x1326E0

Entry point:

60, BE, 00, 10, 4A, 00, 8D, BE, 00, 00, F6, FF, C7, 87, 10, 47, 0E, 00, 04, DB, 64, 69, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46... 
[+]

Entropy:

7.8708

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:

584 KB (598,016 bytes)

The file hair-stylist.exe has been seen being distributed by the following URL.

http://installerlaunch-gn2.com/index.php?dl=download.installerlaunch-gn2.com/gn/gn_7126.exe&dn=hair-stylist.exe&sid=4721-ISM-v1&pid=1293&browser=chrome&ptrk=upu3dsrlibgs56d97ptefusl61&SKIP_ALL=false&UNINSTALL=false&DOP=2&typ=http://.../ty.php

Remove hair-stylist.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.