icreinstall_comodo_internet_securitysetup_v1.0.1.6448_nooffer.exe

The installer uses the InstallCore engine, a download manager that may bundle about 3-4 offers for ad-supported toolbars, browser extensions and utilities. The application icreinstall_comodo_internet_securitysetup_v1.0.1.6448_nooffer.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. The file has been seen being downloaded from dnld.ironcust.com. While running, it connects to the Internet address os.solvefile.com on port 80 using the HTTP protocol.
MD5:
9cd106f25061d9c33d6fa72b50647d17

SHA-1:
b3331e46868cc612b35bad2d55cf252d81497c7e

SHA-256:
2bddae68f1f072944eca4e51fa59ecff764567925cc3afd5a3f6ee8895d8d912

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/19/2024 11:08:45 PM UTC

Scan engine              Detection                         Engine version
Avira AntiVirus                                            7.11.92.90
ESET NOD32               Win32/InstallCore.AZ (variant)    8.8604
Trend Micro House Call   TROJ_GEN.F47V0723                 7.2.244

File size:
1.1 MB (1,161,216 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_comodo_internet_securitysetup_v1.0.1.6448_nooffer.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:lFU/6mO/USNiTO52+DPfNtSQuPRs9UeFQh8iRrrK6jnYp6o0chY8nyO+HtBup9gj:li6mO/USgTO5XjdViRrrK6jYp35Yn/og

Entry address:
0xDA5E0

Entry point:
55, 8B, EC, 83, C4, F0, B8, D8, F6, 41, 00, E8, 06, EC, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.6307

Developed / compiled with:
Microsoft Visual C++

Code size:
885 KB (906,240 bytes)

The file icreinstall_comodo_internet_securitysetup_v1.0.1.6448_nooffer.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)