icreinstall_teracopy.exe

Seke

Webcellence Ltd.

The installer utilizes InstallCore, which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_teracopy.exe, “Seke Setup” by Webcellence, has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallCore installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.newclearchuckle.com and multiple other hosts. While running, it connects to the Internet address os.solvefile.com on port 80 using the HTTP protocol.
Publisher:
Webcellence Ltd.  (signed and verified)

Product:
Seke

Description:
Seke Setup

MD5:
1aaf7cc34c48530152941691b070afae

SHA-1:
0e8ea6ff65f4e2a6ac5ce44b115ba31740e6865d

SHA-256:
e40cd1b77fbd5d9ee464e8fb84fc02ab0afc4b983f027143bd6b48fb0473bdca

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Utilizes the InstallCore download manager that may bundle various adware-type offers.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 2:14:59 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore.Webcelle.Installer (M)

Engine version:
16.4.21.11

File size:
1008.1 KB (1,032,328 bytes)

Product version:
4.0.9

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_teracopy.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
1/17/2016 4:00:00 PM

Valid to:
1/17/2017 3:59:59 PM

Subject:
CN=Webcellence Ltd., OU=IT, O=Webcellence Ltd., L=ORA, S=Israel, C=IL

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
773E2C2E5EC62B0904E1441B54A723A6

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:XT4l2EzvgKf+c8exClbqzXPniXPzSwNIXMjZUB20/6HE5bbw:XT0tvr+c8eleXrHK8jZUB2bHERw

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...
 

Entropy:
7.9194

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file icreinstall_teracopy.exe has been seen being distributed by the following 2 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdneu.webfilescdn.com  (65.254.40.36:80)
