» icreinstall_halo.exe
Overview
Analysis
File Details
Network (2)

icreinstall_halo.exe

Play Turtle, LLC

The installer utilizes InstallCore which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_halo.exe by Play Turtle has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address os.solvefile.com on port 80 using the HTTP protocol.

File name:

Publisher:

Play Turtle, LLC (signed and verified)

MD5:

b377328718f40e914452790865dbf46d

SHA-1:

2f8628dab9c2667fddd919481af35df5d6eb65f2

SHA-256:

525a8d91ac3a1a72e4c6d2b6e55fccc0cf99fb50b4892457814b79cc1f08e8b6

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Utilizes the InstallCore download manager that may bundle various adware-type offers.

Analysis date:

4/19/2024 8:57:52 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.EpicPlay

17.2.24.23

File size:

1 MB (1,051,264 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\icreinstall_halo.exe

Digital Signature

Signed by:

Play Turtle, LLC

Authority:

VeriSign, Inc.

Valid from:

12/9/2011 6:00:00 PM

Valid to:

12/9/2012 5:59:59 PM

Subject:

CN="Play Turtle, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Play Turtle, LLC", L=Plantation, S=Florida, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

1FBA05C4A16403C30CAF42A3523B1862

File PE Metadata

Compilation timestamp:

6/19/1992 5:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0xC1A74

Entry point:

55, 8B, EC, 83, C4, F0, B8, C8, D6, 4C, 00, E8, B4, ED, FF, FF, 26, 33, BC, 84, 42, 82, 8D, E3, DA, 50, 6C, 38, CB, 97, 7B, F6, 19, 06, D0, B5, 50, 03, 85, 2C, DF, A5, 81, D8, BA, 1F, 6D, 63, D8, 45, 74, 2A, 4B, 53, CD, 86, 09, F8, 27, A8, AC, 59, 6E, 28, BD, 9C, 99, A8, 4A, 13, 61, 26, D6, 34, 15, C8, 04, E6, F5, 63, 5A, D2, C8, EA, 28, BB, 7D, 8E, 5B, 1A, 31, 48, C1, 77, D6, FA, 2B, 41, 52, 8D, 37, 13, D4, 85, E6, B3, C1, 10, 35, 3F, 6E, 8E, 45, 3D, 7E, 05, EE, 97, BC, 00, BE, BF, 9B, D6, A9, 64, D3, 64... 
[+]

Entropy:

6.7248

Developed / compiled with:

Microsoft Visual C++

Code size:

786.5 KB (805,376 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to os.solvefile.com (207.189.109.121:80)

TCP (HTTP):

Connects to cdnus.solvefile.com (207.189.109.121:80)

Remove icreinstall_halo.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.