icreinstall_malavida_download_manager.exe

Ontecnia Media Networks SL

The installer is built on InstallCore, a bundling engine that typically wraps the software the user asked for with three or four optional offers (ad-supported toolbars, browser extensions and utilities). icreinstall_malavida_download_manager.exe, signed by Ontecnia Media Networks SL, is flagged as adware by 13 of the 68 scanners in this report. It is typically run from the user's temporary directory, and while running it connects to os.solvefile.com over HTTP on port 80. The valid Authenticode signature identifies the publisher; it says nothing about whether the bundled offers are wanted.
Publisher:
Ontecnia Media Networks SL  (signed and verified)

MD5:
6a120755203c911e8d5324f6230fc6d0

SHA-1:
527499d6b836cec1ffe9432bbe5d10500d67c658

SHA-256:
5b531403aa7180ec144d160296e2a6fa5abbd9cd4427db7f84f35eba91aed86c

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/27/2024 3:31:14 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | (detection name not listed) | 3.6.1.96
avast! | Rootkit-gen [Rtk] | 2014.9-150401
Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.1541
Comodo Security | Application.Win32.InstallCore.DIS | 21613
Dr.Web | Trojan.Packed.28400 | 9.0.1.091
ESET NOD32 | Win32/InstallCore.PL potentially unwanted application | 9.7.0.302.0
K7 AntiVirus | Trojan | 13.202.15452
NANO AntiVirus | Riskware.Win32.InstallCore.dmfojc | 0.30.8.659
Reason Heuristics | PUP.Bundler.OntecniaMediaNetworks | 15.4.1.14
Vba32 AntiVirus | (detection name not listed) | 3.12.26.3
VIPRE Antivirus | Threat.4150696 | 32210

(Only 11 of the 13 detecting engines are listed in the report.)

File size:
696.3 KB (713,056 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallCore (using Inno Setup)

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_malavida_download_manager.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
5/14/2014 2:18:12 AM

Valid to:
5/15/2015 2:18:12 AM

Subject:
CN=Ontecnia Media Networks SL, O=Ontecnia Media Networks SL, L=Valencia, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121F562CE796CF9757DF343F807242E6FD0

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM
(This is the fixed TimeDateStamp 0x2A425E19 = 1992-06-19 22:22:17 UTC that Borland Delphi's linker writes into every PE it produces, shown here in local time. Together with linker version 2.25 it identifies the Delphi-built Inno Setup stub; it is not the real build date and not evidence of timestamp tampering.)

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:A/vpEi3rxMHbgnJaPs4T70vm6jvNJ26TLCo59hsuRYZL:A/viibxMuMPHTIdjV46TLRIZL

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Entropy:
7.8695
(Near the 8-bit maximum. With only 37 KB of code in a 696 KB file, this reflects the compressed Inno Setup payload appended to the stub rather than a separate runtime packer.)

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)
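The static facts above (hashes, Delphi timestamp, linker 2.25, GUI subsystem, entropy) can be recomputed from a sample to confirm that a file on disk is this stub. The script below is an added example, not code from Reason Core Security or from the sample's publisher; it uses only the Python standard library. The hash values, linker version, entry RVA and subsystem are taken from this page; `build_fake_pe` is a constructed stand-in so the script runs offline and is not the real binary.

```python
"""Static triage of a PE32 sample against the indicators recorded on this page."""
import hashlib
import math
import struct
import sys

# Hashes printed on this page for icreinstall_malavida_download_manager.exe.
KNOWN_HASHES = {
    "md5": "6a120755203c911e8d5324f6230fc6d0",
    "sha1": "527499d6b836cec1ffe9432bbe5d10500d67c658",
    "sha256": "5b531403aa7180ec144d160296e2a6fa5abbd9cd4427db7f84f35eba91aed86c",
}
# Constant TimeDateStamp written by Borland Delphi's linker: 1992-06-19 22:22:17 UTC.
DELPHI_STAMP = 0x2A425E19
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2


def file_hashes(data: bytes) -> dict:
    return {name: getattr(hashlib, name)(data).hexdigest() for name in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0..8.0. Above ~7.2 over a whole file means compressed or encrypted content."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_header_fields(data: bytes) -> dict:
    """Pull the triage-relevant fields from the DOS, COFF and PE32 optional headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 handled here (the page's sample is Win32)")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # Subsystem
    return {"machine": machine, "sections": nsections, "timestamp": timestamp,
            "linker_major": linker_major, "linker_minor": linker_minor,
            "entry_rva": entry_rva, "subsystem": subsystem}


def triage(data: bytes) -> dict:
    """Return hashes, header facts, entropy and a list of findings worth a second look."""
    hdr = pe_header_fields(data)
    h = file_hashes(data)
    findings = []
    if h["sha256"] == KNOWN_HASHES["sha256"]:
        findings.append("sha256-matches-page-sample")
    if hdr["timestamp"] == DELPHI_STAMP:
        findings.append("delphi-constant-timestamp")   # Delphi/Inno Setup stub, not a 1992 build
    if (hdr["linker_major"], hdr["linker_minor"]) == (2, 25):
        findings.append("delphi-linker-2.25")
    if hdr["subsystem"] == IMAGE_SUBSYSTEM_WINDOWS_GUI:
        findings.append("gui-subsystem")
    ent = shannon_entropy(data)
    if ent > 7.2:
        findings.append("high-entropy:%.4f" % ent)
    return {"hashes": h, "header": hdr, "entropy": ent, "findings": findings}


def build_fake_pe(timestamp: int, linker=(2, 25), entry=0x9C40, subsystem=2) -> bytes:
    """Constructed minimal PE32 header (no sections) used to exercise the parser offline."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, linker[0], linker[1])
    struct.pack_into("<I", opt, 16, entry)
    struct.pack_into("<H", opt, 68, subsystem)
    return dos + coff + bytes(opt)


if __name__ == "__main__":
    # Usage: python triage.py <sample.exe>; without an argument the constructed header is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_pe(DELPHI_STAMP)
    for key, value in triage(blob).items():
        print(key, value)
```

Treat the Delphi timestamp and linker hits as toolchain fingerprints, not maliciousness: every Inno Setup installer carries them. The hash match is the only finding that ties a file to this specific sample.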

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)
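The execution path and the two solvefile.com destinations above are the indicators a responder would hunt for in endpoint telemetry. The script below is an added example, not part of this report; it scans Sysmon-style JSON lines (EventID 1 process creation, EventID 3 network connection, using Sysmon's field names) for the temp-directory InstallCore stub, the page's SHA-256, and connections to the recorded hostnames or IP. The sample events are constructed for this example. Both hostnames resolved to the same address when the sample was run, so the hostname rule is ranked above the IP-and-port rule, which can also match unrelated tenants on a shared host.

```python
"""Hunt for this bundler's execution and beaconing in Sysmon-style telemetry."""
import json
import re

# Indicators recorded on this page.
KNOWN_SHA256 = "5b531403aa7180ec144d160296e2a6fa5abbd9cd4427db7f84f35eba91aed86c"
KNOWN_HOSTS = {"os.solvefile.com", "cdnus.solvefile.com"}
KNOWN_IPS = {"207.189.109.121"}
# InstallCore stubs dropped into the per-user temp directory carry this name prefix.
TEMP_INSTALLCORE = re.compile(
    r"\\users\\[^\\]+\\appdata\\local\\temp\\icreinstall_[^\\]*\.exe$", re.I)


def sysmon_hashes(field: str) -> dict:
    """Sysmon writes Hashes as 'SHA1=...,MD5=...,SHA256=...'; return an upper-keyed dict."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            k, v = part.split("=", 1)
            out[k.strip().upper()] = v.strip().lower()
    return out


def classify(event: dict) -> list:
    """Return the names of the indicator rules a single event matches."""
    hits = []
    eid = int(event.get("EventID", 0))
    if eid == 1:
        if TEMP_INSTALLCORE.search(event.get("Image", "")):
            hits.append("installcore-stub-in-temp")
        if sysmon_hashes(event.get("Hashes", "")).get("SHA256") == KNOWN_SHA256:
            hits.append("known-sample-sha256")
    elif eid == 3:
        host = event.get("DestinationHostname", "").lower().rstrip(".")
        ip = event.get("DestinationIp", "")
        port = int(event.get("DestinationPort", 0))
        if host in KNOWN_HOSTS or host.endswith(".solvefile.com"):
            hits.append("solvefile-beacon")
        elif ip in KNOWN_IPS and port == 80:
            hits.append("solvefile-ip-port80")   # weaker: no hostname, IP may be shared
    return hits


def hunt(jsonl: str) -> list:
    """Return (RecordId, hits) for every event that matched at least one rule."""
    matches = []
    for line in jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        hits = classify(event)
        if hits:
            matches.append((event.get("RecordId"), hits))
    return matches


# Constructed sample telemetry: two events for the bundler, one hostname-less beacon,
# and two benign events that must not match.
SAMPLE_EVENTS = r"""
{"RecordId": 1, "EventID": 1, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\icreinstall_malavida_download_manager.exe", "Hashes": "SHA1=527499d6b836cec1ffe9432bbe5d10500d67c658,MD5=6a120755203c911e8d5324f6230fc6d0,SHA256=5b531403aa7180ec144d160296e2a6fa5abbd9cd4427db7f84f35eba91aed86c"}
{"RecordId": 2, "EventID": 3, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\icreinstall_malavida_download_manager.exe", "DestinationHostname": "os.solvefile.com", "DestinationIp": "207.189.109.121", "DestinationPort": "80"}
{"RecordId": 3, "EventID": 3, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\icreinstall_malavida_download_manager.exe", "DestinationHostname": "", "DestinationIp": "207.189.109.121", "DestinationPort": "80"}
{"RecordId": 4, "EventID": 1, "Image": "C:\\Program Files\\7-Zip\\7zFM.exe", "Hashes": "SHA256=0000000000000000000000000000000000000000000000000000000000000000"}
{"RecordId": 5, "EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe", "DestinationHostname": "update.example.org", "DestinationIp": "198.51.100.7", "DestinationPort": "443"}
"""

if __name__ == "__main__":
    for record_id, hits in hunt(SAMPLE_EVENTS):
        print(record_id, hits)
```

Feed real Sysmon output (for example the JSON produced by an EVTX-to-JSON exporter) through `hunt()`; the path rule will also catch other InstallCore stubs that share the `icreinstall_` naming, which is usually what a responder wants.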

Remove icreinstall_malavida_download_manager.exe - Powered by Reason Core Security