icreinstall_flvplayersetup.exe

FLV Player

Install Core

The application icreinstall_flvplayersetup.exe, “FLV Player Installer” by Install Core, has been detected as adware by 33 anti-malware scanners. It is a setup program built on the InstallCore engine, which may bundle about 3-4 additional software offers, including ad-supported toolbars, browser extensions and utilities. It is typically executed from the user's temporary directory. While running, it connects to the Internet address os.solvefile.com on port 80 using the HTTP protocol.
Publisher:
FLV Player Technologies  (signed by Install Core)

Product:
FLV Player

Description:
FLV Player Installer

Version:
3.1.0.0

MD5:
815cb3d1e19c6a535f1ee02d760f964b

SHA-1:
b2778cc873a3b4cd4ccc3c12037ec2746d14987b

SHA-256:
36d5223dc11b8c127cd81ff45897ff92c1050b58c873aca397225886fc24f0de

Scanner detections:
33 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 1:31:27 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Generic.224936 | 828 |
| Agnitum Outpost | Trojan.Genome | 7.1.1 |
| AhnLab V3 Security | Packed/Win32.InstallCore | 14.10.30 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.30.172 |
| avast! | Win32:InstallCore-F [PUP] | 2014.9-141030 |
| Bitdefender | Gen:Variant.Adware.Graftor.31818 | 1.0.20.1515 |
| Clam AntiVirus | W32.Adware.InstallCore-2 | 0.98/19010 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.InstallCore.0 | 18286 |
| Dr.Web | Adware.InstallCore.20 | 9.0.1.0303 |
| Emsisoft Anti-Malware | Adware.Generic.241742 | 8.14.10.30.10 |
| ESET NOD32 | Win32/InstallCore.Gen potentially unwanted application | 8.7.0.302.0 |
| Fortinet FortiGate | Riskware/InstallCore | 10/30/2014 |
| F-Prot | W32/Agent.MC.gen | v6.4.6.5.141 |
| F-Secure | Gen:Variant.Adware.Graftor.31818 | 11.2014-30-10_5 |
| G Data | Gen:Variant.Adware.Graftor.31818 | 14.10.24 |
| herdProtect (fuzzy) | | 2014.10.30.14 |
| IKARUS anti.virus | AdWare.SuspectCRC | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.177.12109 |
| Malwarebytes | Adware.Agent | v2014.10.30.10 |
| McAfee | Trojan.Artemis!DCE8CF4182C7 | 5600.6962 |
| MicroWorld eScan | Gen:Variant.Adware.Graftor.31818 | 15.0.0.909 |
| NANO AntiVirus | Riskware.Win32.InstallCore.nreyf | 0.28.0.59911 |
| nProtect | Trojan/W32.InstallCore.550408 | 14.05.16.01 |
| Qihoo 360 Security | Malware.QVM11.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.InstallCore.AA | 14.8.14.15 |
| Rising Antivirus | PE:PUF.InstallCore!1.9DE1 | 23.00.65.141028 |
| Sophos | Install Core Installer | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-InstallCore | 10268 |
| Trend Micro House Call | TROJ_PAM_000001020C.T3 | 7.2.303 |
| Trend Micro | HT_INSTALLCORE_BL21017A.TOMC | 10.465.30 |
| Vba32 AntiVirus | BScope.Malware-Cryptor.Sinba.A | 3.12.26.0 |
| VIPRE Antivirus | Trojan.Win32.Generic | 29302 |
| Zillya! Antivirus | Trojan.Genome.Win32.137604 | 2.0.0.1791 |

File size:
546.5 KB (559,624 bytes)

Product version:
3.1.0.0

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_flvplayersetup.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
2/2/2011 1:00:00 AM

Valid to:
2/3/2012 12:59:59 AM

Subject:
CN=Install Core, O=Install Core, STREET=Nisim Aloni 21, L=Tel Aviv, S=Tel Aviv, PostalCode=62919, C=IL

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
2BCA6BFDAB7E5637BA8E7E9C6400CC75

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:ZiH0sSS86u/hlTMENcB62eKsJbXZCxTIPloxUO1VgmikHlT1WISoMMK9:ZE86u/TMmuTeRJbJQ4oxUc2micp1WI96

Entry address:
0x10FE00

Entry point:
60, BE, 00, 00, 49, 00, 8D, BE, 00, 10, F7, FF, C7, 87, 10, 27, 0C, 00, 02, 5C, 2B, 9A, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
512 KB (524,288 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)
