icreinstall_gimp-2.8.2-setup_downloader.exe

The application icreinstall_gimp-2.8.2-setup_downloader.exe has been detected as adware by 19 anti-malware scanners. It is a setup program built on the InstallCore download manager, which may bundle about 3-4 offers for ad-supported toolbars, browser extensions and utilities alongside the software the user actually requested. The file is not signed with an Authenticode signature from a trusted source.
MD5:
7cc764b9bb7a49407b8926547d0662c4

SHA-1:
7a48ff6bf21123b8a30d3ceaa6d285cdd6f6d7dd

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/18/2024 10:25:37 PM UTC

Scan engine             Detection                         Engine version
Lavasoft Ad-Aware       Gen:Variant.Strictor.53094        551
Avira AntiVirus         Adware/InstallCor.C               7.11.58.66
Bitdefender             Gen:Variant.Strictor.53094        1.0.20.1075
Bkav FE                 HW32.Laneul                       1.3.0.4959
Comodo Security         UnclassifiedMalware               17979
Dr.Web                  Adware.InstallCore.75             9.0.1.0215
Emsisoft Anti-Malware   Gen:Variant.Strictor.53094        8.15.08.03.06
ESET NOD32              Win32/InstallCore.AY (variant)    9.7921
Fortinet FortiGate      Riskware/InstallCore              8/3/2015
F-Prot                  W32/InstallCore.V2.gen            v6.4.7.1.166
F-Secure                Gen:Variant.Strictor.53094        11.2015-03-08_2
G Data                  Gen:Variant.Strictor.53094        15.8.24
herdProtect (fuzzy)                                       2015.9.8.1
MicroWorld eScan        Gen:Variant.Strictor.53094        16.0.0.645
Reason Heuristics       PUP.InstallCore.Installer (M)     15.8.3.6
Rising Antivirus        PE:Malware.XPACK-LNR/Heur!1.5594  23.00.65.15801
Trend Micro House Call  TROJ_GEN.RCBH1LJ                  7.2.215
Vba32 AntiVirus         Malware-Cryptor.InstallCore.9     3.12.18.4
VIPRE Antivirus         Trojan.Win32.Generic              15160

File size:
1.1 MB (1,125,744 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\Documents and Settings\{user}\Local settings\temp\icreinstall_gimp-2.8.2-setup_downloader.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:Upu35FLxfZEVlgMdgdosf98cCT1xRorUCdgKk6YQDwHHMKMGql0Ju5PiFE+Zfqja:UpM8dG81ITgK0J5JEiFyYt

Entry address:
0xCD3D0

Entry point:
55, 8B, EC, 83, C4, F0, B8, EC, 3D, 40, 00, E8, 12, F2, FF, FF, 8B, C0, FF, 25, 94, 71, 46, 00, 8B, C0, FF, 25, 90, 71, 46, 00, 8B, C0, FF, 25, 8C, 71, 46, 00, 8B, C0, FF, 25, 88, 71, 46, 00, 8B, C0, FF, 25, 84, 71, 46, 00, 8B, C0, FF, 25, 80, 71, 46, 00, 8B, C0, FF, 25, 7C, 71, 46, 00, 8B, C0, FF, 25, 78, 71, 46, 00, 8B, C0, FF, 25, 74, 71, 46, 00, 8B, C0, FF, 25, 70, 71, 46, 00, 8B, C0, FF, 25, 6C, 71, 46, 00, 8B, C0, FF, 25, D8, 71, 46, 00, 8B, C0, FF, 25, 68, 71, 46, 00, 8B, C0, FF, 25, 64, 71, 46, 00...
Developed / compiled with:
Microsoft Visual C++

Code size:
837.5 KB (857,600 bytes)

The file icreinstall_gimp-2.8.2-setup_downloader.exe has been seen being distributed from the following URL.

http://www.instalki.pl/.../get_Gimp.php

When executed in live environments, the file has been seen to make the following network connections.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)
