home

icreinstall_mipony-installer.exe

Installer Software

The installer utilizes InstallCore which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_mipony-installer.exe, “Installer Software Setup ” has been detected as adware by 5 anti-malware scanners. The program is a setup application that uses the installCore installer, however the file is not signed with an authenticode signature from a trusted source. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Product:
Installer Software

Description:
Installer Software Setup

MD5:
b8867d3c927573967b522ee51c14ceed

SHA-1:
2236109b7de42c0f33c31b8d3beed94cac49dcb5

SHA-256:
220f20a8830ff9c707f5404b85c79149ff03bae9ba004697ccdddc93f4989df0

Scanner detections:
5 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/26/2024 5:46:39 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.InstallCore
4.0.3.15124

ESET NOD32
Win32/InstallCore.WB (variant)
9.11063

McAfee
Artemis!B8867D3C9275
5600.6876

Reason Heuristics
PUP.InstallCore.Installer
15.1.24.6

Trend Micro House Call
Suspicious_GEN.F47V0122
7.2.24

File size:
681.4 KB (697,745 bytes)

Product version:
2.8

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_mipony-installer.exe

File PE Metadata
Compilation timestamp:
6/20/1992 2:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:Oevpk7L9hiiXxlOot1iPOUmW3OMPgm2FidN0rjzhpxNBIREc:OevW7ZhPxtjdWeBFQNyjvqEc

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.8138

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file icreinstall_mipony-installer.exe has been seen being distributed by the following 3 URLs.

http://dw.uptodown.com/dwn/n4Q4asuIgQnwx7Rv3-nARf8Ro6YOaUoc16AkATEMoryfhvCbFstI4h5FOp9OXm918LED858enB9tnSKh-WhdN-bpR0niC88G0h-VDhmBu2xcEuV7zMr-6aOTgBCJKWrZ/zwRaPQ3ymozT5_Ws01eC1JehEe-dfw0WIl3Jra5CSh9xBcArcl4u6TuvbzlMPS0QiihtNM96KJJ0VuUkFx4eKOjnLTTh9SuV_QJzB6DcjdlxoJssNlP5k2geqibKpB0t/.../

http://www.mipony.net/.../Mipony-Installer.exe

http://download.mipony.net/.../Mipony-Installer.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdneu.webfilescdn.com  (65.254.40.36:80)

Remove icreinstall_mipony-installer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.