icreinstall_videoconvertersetup.exe

The installer uses InstallCore, which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_videoconvertersetup.exe has been detected as adware by 34 anti-malware scanners. It is a setup program built on the InstallCore engine, and the file is not signed with an Authenticode signature from a trusted source.
Remove icreinstall_videoconvertersetup.exe - Powered by Reason Core Security
MD5:
4cd26c1748b224dd8690fa4484f549e6

SHA-1:
43dc13de4876d3b865c0aac251dda381f692e8fb

SHA-256:
abbeee8c1996858770949c7477ab87bcf5c19adc9560a7f0483527790c82b2fd

Scanner detections:
34 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/3/2016 10:58:09 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Generic.272019 | 969 |
| Agnitum Outpost | PUA.InstallCore | 7.1.1 |
| AhnLab V3 Security | Adware/Win32.InstallCore | 2014.06.11 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.30.172 |
| Antiy Labs AVL | Trojan/Win32.Tgenic | 1.0.0.1 |
| avast! | Win32:InstallCore-HF [PUP] | 140608-0 |
| Bitdefender | Adware.Generic.272019 | 1.0.20.805 |
| Clam AntiVirus | Adware.Installcore-77 | 0.98/19073 |
| CMC Antivirus | Packed.Win32.InstallCore.1!O | 1.1.0.977 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.InstallCore.2 | 18501 |
| Dr.Web | Adware.Downware.294, Adware.InstallCore.25 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Adware.Generic.272019 | 8.14.06.10.01 |
| ESET NOD32 | Win32/InstallCore.BH potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/InstallCore.AAAA | 6/10/2014 |
| F-Prot | W32/InstallCore.B.gen | 4.6.5.141 |
| F-Secure | Adware.Generic.272019 | 11.2014-10-06_3 |
| G Data | Adware.Generic.272019 | 14.6.24 |
| K7 AntiVirus | Trojan | 13.1712358 |
| K7 Gateway Antivirus | Trojan | 13.1712358 |
| Kingsoft AntiVirus | Win32.Troj.Generic.(kcloud) | 331020.49267 |
| Malwarebytes | Adware.Agent | v2014.06.10.01 |
| McAfee | Artemis!4CD26C1748B2 | 5600.7103 |
| McAfee Web Gateway | Artemis!4CD26C1748B2 | 7.7103 |
| MicroWorld eScan | Adware.Generic.272019 | 15.0.0.483 |
| NANO AntiVirus | Riskware.Win32.InstallCore.nxxmt | 0.28.0.60253 |
| Norman | InstallCore.BD | 11.20140610 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.06.10.01 |
| Qihoo 360 Security | Win32/Application.8ab | 1.0.0.1015 |
| Rising Antivirus | PE:AdWare.Win32.InstallCore.i!1075350952 | 23.00.65.14608 |
| Sophos | Install Core | 4.98 |
| SUPERAntiSpyware | Adware.InstallCore | 10552 |
| Total Defense | Win32/InstallCore!Adware | 37.0.10990 |
| Vba32 AntiVirus | BScope.Malware-Cryptor.Sinba.A | 3.12.26.0 |
| VIPRE Antivirus | Threat.4150696 | 30086 |

File size:
570.9 KB (584,584 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallCore

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_videoconvertersetup.exe

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:olSF8CUpmWg8iQJHfvmx1CO37HeaQt0KjrabkywyxXuF67cdQ1VChj:0Zpsz6vmxYOLHktljraAywyA+cq1Ihj

Entry address:
0x117090

Entry point:
60, BE, 00, 10, 49, 00, 8D, BE, 00, 00, F7, FF, C7, 87, 10, 77, 0C, 00, A5, 8B, 5B, BB, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 

Entropy:
7.8670

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
540 KB (552,960 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com (207.189.109.121:80)
