icreinstall_videoconvertersetup.exe

The installer uses InstallCore, which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_videoconvertersetup.exe has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the InstallCore installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions.
MD5:
48a32e612efd368a1309045405672ba3

SHA-1:
9ccc0e339c5783d910f3127dc952c4382c6240d7

SHA-256:
589d5046381b9c0cb17ae7f305599b87d23da15eb7c94d1f1ac3610855b0bb8b

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software, which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed to simply deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/24/2024 3:29:27 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.InstallCore | 7.1.1 |
| Avira AntiVirus | APPL/Downloader.Gen6 | 8.3.1.6 |
| AVG | Adware InstallCore.BG | 2014.0.4311 |
| Clam AntiVirus | Win.Adware.453613 | 0.98/20518 |
| Comodo Security | Application.Win32.ClickRun.A | 22258 |
| Dr.Web | Adware.InstallCore.53 | 9.0.1.05190 |
| ESET NOD32 | Win32/InstallCore.AG potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/InstallCore.V.gen | 4.6.5.141 |
| K7 AntiVirus | Unwanted-Program | 13.204.16062 |
| NANO AntiVirus | Trojan.Win32.InstallCore.cquvfb | 0.30.24.1636 |
| Norman | Adware.Generic.453613 | 03.12.2014 13:20:04 |
| Panda Antivirus | PUP/MultiToolbar.A | 15.05.28.05 |
| Reason Heuristics | PUP.InstallCore.Installer | 15.5.28.17 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.15526 |
| Sophos | PUA 'Install Core Click run software' | 5.14 |
| SUPERAntiSpyware | Adware.InstallCore | 9848 |
| Trend Micro House Call | HV_INSTALLCORE_BK08407C.TOMC | 7.2.148 |
| Vba32 AntiVirus | BScope.Malware-Cryptor.InstallCore.2691 | 3.12.26.4 |
| VIPRE Antivirus | Threat.4150696 | 40552 |

File size:
1.1 MB (1,144,592 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_videoconvertersetup.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:GdfNEVHAW0jG/qt3LPU9zJWTc8EK4aJ6dzXn+JYDjN+BET:4lEVwJLM9zJWTc8EK6xXz

Entry address:
0xCE330

Entry point:
55, 8B, EC, 83, C4, F0, B8, A0, 1E, 40, 00, E8, F2, F5, FF, FF, 00, 8B, C0, FF, 25, 50, 51, 47, 00, 8B, C0, FF, 25, 4C, 51, 47, 00, 8B, C0, FF, 25, DC, 51, 47, 00, 8B, C0, FF, 25, D8, 51, 47, 00, 8B, C0, FF, 25, D4, 51, 47, 00, 8B, C0, FF, 25, 48, 51, 47, 00, 8B, C0, FF, 25, 44, 51, 47, 00, 8B, C0, FF, 25, EC, 51, 47, 00, 8B, C0, FF, 25, E8, 51, 47, 00, 8B, C0, FF, 25, E4, 51, 47, 00, 8B, C0, FF, 25, 40, 51, 47, 00, 8B, C0, FF, 25, 3C, 51, 47, 00, 8B, C0, FF, 25, 38, 51, 47, 00, 8B, C0, 53, 83, C4, BC, BB...

Developed / compiled with:
Microsoft Visual C++

Code size:
841 KB (861,184 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdneu.webfilescdn.com  (65.254.40.36:80)
