icreinstall_alcohol52_fe_2.0.2.3929.exe

Alcohol Soft

The installer uses InstallCore, which may bundle about 3-4 offers for ad-supported toolbars, browser extensions and utilities. The application icreinstall_alcohol52_fe_2.0.2.3929.exe by Alcohol Soft has been detected as a potentially unwanted program by 10 anti-malware scanners. The file has been seen being downloaded from www.ex.ua and multiple other hosts.
Publisher:
Alcohol Soft  (signed and verified)

MD5:
fcd0cf6a794c2c5d8cc4ec47e22d0046

SHA-1:
1bbe8e29f0abd24bd54ec096b24af7ccdb15b05e

SHA-256:
4e9377ef28562d654a41e01862884aa43d48fbf52e1c31d57071621262c9e4cb

Scanner detections:
10 / 68

Status:
Clean  (10 possible false positive detections)

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/25/2024 7:27:56 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | | 7.11.138.34
Clam AntiVirus | W32.Adware.InstallCore | 0.98/18355
Comodo Security | UnclassifiedMalware | 17966
Dr.Web | Adware.InstallCore.40 | 9.0.1.0112
ESET NOD32 | Win32/InstallCore (variant) | 8.9569
Fortinet FortiGate | Riskware/InstallCore | 4/22/2014
Rising Antivirus | PE:Trojan.Win32.Generic.15381351!355996497 | 23.00.65.14420
Trend Micro House Call | ADW_INSTALLCORE | 7.2.112
Trend Micro | ADW_INSTALLCORE | 10.465.22
Vba32 AntiVirus | Adware.InstallCore.gen | 3.12.24.3

File size:
1.1 MB (1,108,840 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_alcohol52_fe_2.0.2.3929.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/5/2011 1:00:00 AM

Valid to:
10/14/2012 12:59:59 AM

Subject:
CN=Alcohol Soft, OU=Alcohol Soft Development Team, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Alcohol Soft, L=Belfast, S=Antrim, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6525C72B7600FDD99F1E0DEAA4739606

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:sF8+95nRKdZTgACfQOZeISM44j4wszSSDe7v2+pGle1lYSTwEzBZT3gDH:sF8+95ovgACoOZehwVScv7pCenjTVcDH

Entry address:
0xC1CE8

Entry point:
55, 8B, EC, 83, C4, F0, B8, 57, 5C, 48, 00, E8, 5B, EB, FF, FF, C0, 14, EE, 6B, 11, 59, B1, 0B, 57, 75, DA, E2, 12, 94, AC, B2, 50, 56, 6B, 8B, 7F, 25, 66, B0, 8A, 50, 88, 92, 6D, 61, 58, 8E, 9C, 8B, 3C, 5B, D6, 38, 5E, 50, 3D, EF, 95, F5, D6, 4E, 1F, 89, C8, 9F, 1B, 5D, F3, 5F, 0C, 47, C8, C3, D2, 86, 6F, F3, E8, CA, 9B, AE, CE, 48, B4, 6A, E9, 10, 1E, 45, 56, 06, CC, 46, 5D, 2D, 6F, BD, 95, 36, E5, DA, E6, 74, BD, AD, E5, B0, EE, 3F, 4F, 75, 26, 66, 9A, D3, 38, 91, D8, BE, A3, A3, 6A, 71, 2F, 92, 32, 7E...
 

Entropy:
6.7916

Developed / compiled with:
Microsoft Visual C++

Code size:
786.5 KB (805,376 bytes)

The file icreinstall_alcohol52_fe_2.0.2.3929.exe has been seen being distributed by the following 3 URLs.

http://www.ex.ua/.../23705483

ftp://a4398908191e72230ff298b10891373e:1341011171@ftpclubicb9b.clubic.com/.../alcohol-52-free_alcohol_52_2.0.2.3929_francais_25501.exe
