» icreinstall_install_flashplayer17x32_mssd_aaa_aih.exe
Overview
Analysis
File Details
Network (3)

icreinstall_install_flashplayer17x32_mssd_aaa_aih.exe

Web Software Internet

Connector Source (Fried Cookie Ltd)

The installer utilizes InstallCore which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_install_flashplayer17x32_mssd_aaa_aih.exe, “Web Software Internet Setup ” by Connector Source (Fried Cookie) has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. With this installer, users are expecting to download the free Adobe Flash Player but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.

File name:

Publisher:

Prog Internet Application (signed by Connector Source (Fried Cookie Ltd))

Product:

Web Software Internet

Description:

Web Software Internet Setup

Version:

5.8.4.0

MD5:

1d332737e54f93e548da5c253f7d66e2

SHA-1:

1f4cf5eecc232ee9bec4a2122a06773937692c87

SHA-256:

22b168adac696e560d5e3f05e27aad67f04ade43a708da9df60d166a0412379b

Scanner detections:

11 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/18/2024 1:57:43 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Malware-gen

2014.9-150328

AVG

Generic

2016.0.3156

Bkav FE

W32.HfsAdware

1.3.0.6379

Comodo Security

Application.Win32.InstallCore.AKG

22250

Dr.Web

Trojan.InstallCore.152

9.0.1.087

ESET NOD32

Win32/InstallCore.XX potentially unwanted application

9.7.0.302.0

herdProtect (fuzzy)

variant of 0b7ujgpcjqpf-b3bon0m3euywqjg (Adware)

2015.7.3.5

K7 AntiVirus

Adware

13.204.16037

Malwarebytes

PUP.Optional.InstallCore.SID.C

v2015.07.03.05

Reason Heuristics

PUP.Installer.InstallCore.Installer

15.3.28.16

VIPRE Antivirus

Threat.4150696

40552

File size:

665 KB (680,960 bytes)

Product version:

5.8.5

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\icreinstall_install_flashplayer17x32_mssd_aaa_aih.exe

Digital Signature

Signed by:

Connector Source (Fried Cookie Ltd)

Authority:

GlobalSign nv-sa

Valid from:

2/4/2015 5:24:47 PM

Valid to:

2/5/2016 5:24:47 PM

Subject:

CN=Connector Source (Fried Cookie Ltd), O=Connector Source (Fried Cookie Ltd), L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121F0ABD9FCAFB02A49C918283EBE56B555

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:RMfplkNAtXR/FozeCAJ0jrOtAt1dkSXnkvWqvRM00dfgJ3DjTxlc+Q3+iBl+P:RMfTkU52jrMG1nXnK/JM00cTxy+QRl+P

Entry address:

0x9C40

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to os.solvefile.com (207.189.109.121:80)

TCP (HTTP):

Connects to cdnus.solvefile.com (207.189.109.121:80)

TCP (HTTP):

Connects to cdneu.webfilescdn.com (65.254.40.36:80)

Remove icreinstall_install_flashplayer17x32_mssd_aaa_aih.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.