» icreinstall_installer_for_cheat_engine.exe
Overview
Analysis
File Details
Downloads (1)
Network (3)

icreinstall_installer_for_cheat_engine.exe

Lacodi

KORAM GAMES LIMITED

The installer utilizes InstallCore which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The executable icreinstall_installer_for_cheat_engine.exe, “Lacodi Setup ” has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from usfiles.brothersoft.com. While running, it connects to the Internet address os.solvefile.com on port 80 using the HTTP protocol.

File name:

Publisher:

KORAM GAMES LIMITED (signed and verified)

Product:

Lacodi

Description:

Lacodi Setup

MD5:

89db48229648b2887cd37ca7a5b03369

SHA-1:

84f745c010a0eb438647e39c91e20cc2ea730a59

SHA-256:

ad489c2d1e0cd65cd453d9c92ddab480f13a8fb482ab3769f5aa46992af5c366

Scanner detections:

1 / 68

Status:

Malware

Explanation:

Utilizes the InstallCore download manager that may bundle various adware-type offers.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/25/2024 10:57:14 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Win32.Generic

16.5.4.9

File size:

997.5 KB (1,021,432 bytes)

Product version:

1.5

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\icreinstall_installer_for_cheat_engine.exe

Digital Signature

Signed by:

KORAM GAMES LIMITED

Authority:

Symantec Corporation

Valid from:

12/22/2015 7:00:00 AM

Valid to:

2/9/2017 6:59:59 AM

Subject:

CN=KORAM GAMES LIMITED, O=KORAM GAMES LIMITED, L=HongKong, S=HongKong, C=HK

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

7E60950268CB02F219923ADBDE0484E2

File PE Metadata

Compilation timestamp:

6/20/1992 5:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:2VXlBJgKcPOdzbCkvBuZDvZZoftas0bRVcauFVHT:2VVLgbmdzbCkvBuZ1ZGtaBRIVz

Entry address:

0xAA98

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

40.5 KB (41,472 bytes)

The file icreinstall_installer_for_cheat_engine.exe has been seen being distributed by the following URL.

http://usfiles.brothersoft.com/games/new/game_archives/.../CheatEngine63.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to os.solvefile.com (207.189.109.121:80)

TCP (HTTP):

Connects to cdnus.solvefile.com (207.189.109.121:80)

TCP (HTTP):

Connects to cdneu.webfilescdn.com (65.254.40.36:80)

Remove icreinstall_installer_for_cheat_engine.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.