ICReinstall_VideoConverterSetup.exe

The application ICReinstall_VideoConverterSetup.exe has been detected as a potentially unwanted program by 32 anti-malware scanners. It is a setup application built on the InstallCore installer, but the file is not signed with an Authenticode signature from a trusted source. The InstallCore engine may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from www.videoconvertertool.net and multiple other hosts.
MD5:
83d8c0ba527e00ad9805e25c8117f918

SHA-1:
c7b05d49bd79161b7ce8e1016267ff530d59e89f

SHA-256:
731f6f4061c7b6ec1bc56025e5ad372515478727a9c1b19684a2aca92151f529

Scanner detections:
32 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed to simply deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 3:58:55 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.76613 | 872 |
| Agnitum Outpost | Trojan.Adware | 7.1.1 |
| AhnLab V3 Security | Adware/Win32.InstallCore | 2014.02.21 |
| Avira AntiVirus | | 7.11.82.124 |
| avast! | Win32:InstallCore-HF [PUP] | 2014.9-140915 |
| Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.14322 |
| Bitdefender | Gen:Variant.Adware.Graftor.76613 | 1.0.20.1290 |
| Bkav FE | W32.Clod185.Trojan | 1.3.0.4613 |
| Clam AntiVirus | Win.Adware.Installcore-164 | 0.98/18355 |
| Comodo Security | Application.Win32.ClickRun.A | 16367 |
| Dr.Web | Adware.InstallCore.53 | 9.0.1.081 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.76613 | 8.14.09.15.01 |
| ESET NOD32 | Win32/InstallCore.AY (variant) | 8.8406 |
| Fortinet FortiGate | W32/InstallCore.AY | 3/22/2014 |
| F-Prot | W32/InstallCore.P.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Graftor.76613 | 11.2014-15-09_2 |
| G Data | Gen:Variant.Adware.Graftor.76613 | 14.9.24 |
| K7 AntiVirus | Unwanted-Program | 13.168787 |
| McAfee | Artemis!83D8C0BA527E | 5600.7184 |
| MicroWorld eScan | Gen:Variant.Adware.Graftor.76613 | 15.0.0.774 |
| NANO AntiVirus | Trojan.Win32.InstallCore.cqunff | 0.28.0.57029 |
| Norman | InstallCore.BD | 11.20140915 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.09.15.01 |
| Qihoo 360 Security | HEUR/Malware.QVM20.Gen | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.9.15.12 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.14320 |
| SUPERAntiSpyware | Adware.InstallCore/Variant | 10358 |
| Trend Micro House Call | TROJ_GEN.RCBH1IO | 7.2.81 |
| Trend Micro | HT_INSTALLCORE_BK084721.TOMC | 10.465.15 |
| Vba32 AntiVirus | Malware-Cryptor.InstallCore.9 | 3.12.22.2 |
| VIPRE Antivirus | Click run software | 18378 |

File size:
1.2 MB (1,208,728 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_videoconvertersetup.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:DsSJe5l7iKZyRaVrkSS4eyaK1HODaDoY9sUMD:QVuR8rkp4eyD1HO26UM

Entry address:
0xCAFE0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 74, 14, 41, 00, E8, CA, FA, FF, FF, EB, 08, 8B, 1B, 3B, FB, 75, 85, 33, C0, 59, 5A, 5D, 5F, 5E, 5B, C3, 90, 53, 56, 57, 8B, DA, 8B, F0, 81, FE, 00, 00, 10, 00, 7D, 07, BE, 00, 00, 10, 00, EB, 0C, 81, C6, FF, FF, 00, 00, 81, E6, 00, 00, FF, FF, 89, 73, 04, 6A, 01, 68, 00, 20, 00, 00, 56, 6A, 00, E8, F8, FD, FF, FF, 8B, F8, 89, 3B, 85, FF, 74, 23, 8B, D3, B8, E4, A5, 46, 00, E8, 6C, FE, FF, FF, 84, C0, 75, 13, 68, 00, 80, 00, 00, 6A, 00, 8B, 03, 50, E8, D9, FD, FF, FF, 33, C0, 89...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
828 KB (847,872 bytes)

The file ICReinstall_VideoConverterSetup.exe has been seen being distributed by the following 2 URLs.

http://www.videoconvertertool.net/d/.../dsnr/?dl=1&/d/.../=&sr=dsnr&SourceId=355&CreativeId=16047281&LineItemId=4946641&PublisherId=725624&SectionId=129993532
