icreinstall_videoconvertersetup.exe

JumpyApps

The installer uses InstallCore, which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_videoconvertersetup.exe by JumpyApps has been detected as adware by 22 anti-malware scanners. It is a setup application built on the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions, and it is typically executed from the user's temporary directory. While running, it connects to the Internet address os.solvefile.com on port 80 using the HTTP protocol.
Publisher:
JumpyApps (signed and verified)

MD5:
2d10516d708b78c945154e78954b0585

SHA-1:
8e1fba83e2678d4c0cc57a4c362045b343dee42c

SHA-256:
1829188cd461d8ef6f22c40686c68530bb3ff7274db5cbf2dd35de4920bce2f7

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/24/2024 1:06:56 PM UTC

Scan engine            Detection                                              Engine version
Lavasoft Ad-Aware      Trojan.GenericKD.1744980                               6386702
Agnitum Outpost        PUA.InstallCore                                        7.1.1
Avira AntiVirus        Adware/InstallCo.zlp                                   7.11.204.114
Bitdefender            Trojan.GenericKD.1744980                               1.0.20.110
Dr.Web                 Trojan.Packed.24524                                    9.0.1.05190
Emsisoft Anti-Malware  Trojan.GenericKD.1744980                               9.0.0.4799
ESET NOD32             Win32/InstallCore.IP potentially unwanted application  7.0.302.0
F-Prot                 W32/A-a6ac9f23                                         v6.4.7.1.166
F-Secure               Trojan.GenericKD.1744980                               5.13.68
G Data                 Trojan.GenericKD.1744980                               15.1.24
IKARUS anti.virus      Trojan.SuspectCRC                                      t3scan.1.8.6.0
K7 AntiVirus           Unwanted-Program                                       13.191.14726
Malwarebytes           PUP.Optional.JumpyApps                                 v2015.01.22.02
MicroWorld eScan       Trojan.GenericKD.1744980                               16.0.0.66
NANO AntiVirus         Riskware.Win32.InstallCore.dfgmlr                      0.30.0.64812
Norman                 Trojan.GenericKD.1744980                               02.01.2015 13:58:24
nProtect               Trojan.GenericKD.1744980                               15.01.22.01
Reason Heuristics      PUP.Installer.ironSource                               15.1.22.14
Sophos                 PUA 'Install Core Click run software'                  5.09
Vba32 AntiVirus                                                               3.12.26.3
VIPRE Antivirus        Threat.4150696                                         36694
Zillya! Antivirus      Backdoor.PePatch.Win32.38602                           2.0.0.2042

File size:
687.7 KB (704,168 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_videoconvertersetup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/18/2013 12:00:00 AM

Valid to:
2/18/2014 11:59:59 PM

Subject:
CN=JumpyApps, O=JumpyApps, STREET=63 Rothschild Blvd., L=Tel Aviv, S=NA, PostalCode=65785, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6DB423F9C6473168CF486AAF112EDD5C

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:Evp2sa/pSNe/R9B78UhCDV1blXmygtaZt520dJWV36liiMUqoTVwlTVZ:EvsjRwUhC51BmydZt51dIKAifqymTf

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.8108

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdneu.webfilescdn.com  (65.254.40.36:80)
