home

icreinstall_itunes_setup.exe

Dnldstr_Aggregator Downloader

Download Sphere

The installer utilizes InstallCore which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_itunes_setup.exe by Download Sphere has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The installer is marketed through download protals and search ads as Apple's iTunes but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Dnldstr_Aggregator  (signed by Download Sphere)

Product:
Dnldstr_Aggregator Downloader

Version:
6.0.45.34368

MD5:
fb3c740ee2ff2f11752818a0dbc0fd2f

SHA-1:
14f1fea1a404995fba62db162858fb1e4c3e7a17

SHA-256:
1d21a6fbff9b77c581dd802b5275e8cde6cd6d066aa43caa8f503f7c2c2fdd6e

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/23/2024 5:06:47 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Dropper.Gen
7.11.30.172

AVG
Generic
2016.0.3185

Dr.Web
Trojan.InstallCore.61
9.0.1.058

ESET NOD32
Win32/InstallCore.WQ potentially unwanted application
7.0.302.0

F-Secure
Gen:Variant.Kazy.311539
11.2015-27-02_6

K7 AntiVirus
Trojan
13.197.15038

Reason Heuristics
PUP.Installer.installCore
15.3.1.15

VIPRE Antivirus
Threat.4150696
37788

File size:
773.9 KB (792,480 bytes)

Product version:
6.0.45.34368

Copyright:
Dnldstr_Aggregator

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_itunes_setup.exe

Digital Signature
Signed by:
Download Sphere

Authority:
COMODO CA Limited

Valid from:
1/8/2015 7:00:00 PM

Valid to:
1/8/2017 6:59:59 PM

Subject:
CN=Download Sphere, O=Download Sphere, STREET="1732 1st Ave #26525", L=New York, S=NY, PostalCode=10128, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
09ED318A28B41FD6E81D57ED46FD6A2D

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:IRhMX6Ur/VzdyjW6cvUTOQBOWwd1jODAAi:I7of/VJyC6cMllwPjuu

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.8854

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)

Remove icreinstall_itunes_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.