home

icreinstall_icreinstall_killers.sam.s.town.meadiafire.final.zip_downloader.exe

The installer utilizes InstallCore which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_icreinstall_killers.sam.s.town.meadiafire.final.zip_downloader.exe has been detected as a potentially unwanted program by 24 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. While running, it connects to the Internet address os.solvefile.com on port 80 using the HTTP protocol.
MD5:
1e8ba6a57c022af61b353be51bf13793

SHA-1:
c3226226b6f293dc8cf4c4e691269c7d14c22495

SHA-256:
ad6a35655748abc13d33a82464e1a464e69fd1433e29a0d0e58a5703a3d837ed

Scanner detections:
24 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/25/2024 6:09:55 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.7616670
926

Avira AntiVirus
APPL/Downloader.Gen6
7.11.163.164

avast!
Win32:InstallCore-CD [PUP]
140617-1

AVG
InstallCore
2015.0.3404

Bitdefender
Trojan.Generic.7616670
1.0.20.1020

Bkav FE
HW32.Laneul
1.3.0.4959

Clam AntiVirus
Win.Trojan.Installcore-5
0.98/19168

Comodo Security
Application.Win32.ClickRun.B
18948

Dr.Web
Adware.InstallCore.45
9.0.1.05190

Emsisoft Anti-Malware
Trojan.Generic.7616670
8.14.07.23.12

ESET NOD32
Win32/InstallCore.W potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/InstallCore.W
7/23/2014

F-Prot
W32/InstallCore.V.gen
4.6.5.141

F-Secure
Trojan.Generic.7616670
11.2014-23-07_4

G Data
Trojan.Generic.7616670
14.7.24

MicroWorld eScan
Trojan.Generic.7616670
15.0.0.612

NANO AntiVirus
Riskware.Win32.InstallCore.cwgxyc
0.28.2.60990

nProtect
Trojan.Generic.7616670
14.07.23.01

Panda Antivirus
PUP/MultiToolbar.A
14.07.23.12

Qihoo 360 Security
Malware.QVM20.Gen
1.0.0.1015

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
23.00.65.14721

Sophos
Install Core Click run software
4.98

SUPERAntiSpyware
Adware.InstallCore
10466

VIPRE Antivirus
Threat.4754767
31208

File size:
1 MB (1,058,280 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_icreinstall_killers.sam.s.town.meadiafire.final.zip_downloader.exe

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:Uynj6yPuEeB6Lh+P+RKYBfaUfMb/s+tNjM50OLGOCBRJBGYFoKTIhsk2:UEj6yPuEeBmK+RKkCUfMbk0QLGOCBRJw

Entry address:
0xC15C0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 68, 07, 42, 00, E8, 59, F9, FF, FF, 40, 00, 07, 54, 4F, 62, 6A, 65, 63, 74, 0C, 11, 40, 00, 07, 07, 54, 4F, 62, 6A, 65, 63, 74, 00, 11, 40, 00, 00, 00, 00, 00, 00, 00, 06, 53, 79, 73, 74, 65, 6D, 00, 00, 2C, 11, 40, 00, 0F, 0A, 49, 49, 6E, 74, 65, 72, 66, 61, 63, 65, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, C0, 00, 00, 00, 00, 00, 00, 46, 06, 53, 79, 73, 74, 65, 6D, 03, 00, FF, FF, CC, 83, 44, 24, 04, F8, E9, B1, 4E, 00, 00, 83, 44, 24, 04, F8, E9, CF, 4E, 00, 00, 83...
 
[+]

Entropy:
6.9641

Developed / compiled with:
Microsoft Visual C++

Code size:
788 KB (806,912 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.