home

icreinstall_wifi-hopper by mytunisia.exe

UpdateStar GmbH

The installer utilizes InstallCore which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_wifi-hopper by mytunisia.exe by UpdateStar GmbH has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address os.solvefile.com on port 80 using the HTTP protocol.
Publisher:
UpdateStar GmbH  (signed and verified)

MD5:
204e701928cab28aa9b5e8a5d1dc64a2

SHA-1:
ac8b291603d323a4f245d477f013e362cf853dcd

SHA-256:
e47c75cccd765bca6729dd7aebd563052bcf3b42bb5af0f51bcbdfe2d510d18e

Scanner detections:
9 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
5/1/2024 7:52:02 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/InstallCore.Gen
7.11.98.174

Dr.Web
Adware.InstallCore.72
9.0.1.0359

ESET NOD32
Win32/InstallCore.AW (variant)
7.8739

F-Prot
W32/InstallCore.P.gen
v6.4.7.1.166

McAfee
Artemis!204E701928CA
5600.7271

Reason Heuristics
PUP.UpdateStarGmbH.e
14.2.22.22

Trend Micro House Call
TROJ_GEN.RCBH1KK
7.2.359

Vba32 AntiVirus
BScope.Malware-Cryptor.InstallCore.2691
3.12.22.3

VIPRE Antivirus
InstallCore.b
20974

File size:
1 MB (1,093,800 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_wifi-hopper by mytunisia.exe

Digital Signature
Signed by:
UpdateStar GmbH

Authority:
COMODO CA Limited

Valid from:
12/1/2011 1:00:00 AM

Valid to:
12/1/2012 12:59:59 AM

Subject:
CN=UpdateStar GmbH, O=UpdateStar GmbH, STREET=Hauptstrasse 20, L=Berlin, S=Berlin, PostalCode=10827, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4C04D272CAAEF51D5786CA84D80CFB98

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:lUOglCf4tjYEeJ6u4NpL0rBO2ctxWxKDo+i5sjvGVtUD8T2/dU/KiY0ykeS7T:lLmFdyq10rB6xWwi5qGi3/d7iRykeu

Entry address:
0xCA880

Entry point:
55, 8B, EC, 83, C4, F0, B8, 48, 65, 40, 00, E8, 81, D2, FF, FF, 64, 69, 6E, 61, 6C, 05, 00, 00, 00, 00, FF, FF, FF, FF, 90, 84, 10, 40, 00, 0A, 06, 53, 74, 72, 69, 6E, 67, 90, 10, 40, 00, 0C, 07, 56, 61, 72, 69, 61, 6E, 74, 8D, 40, 00, E8, 10, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, E8, 10, 40, 00, 04, 00, 00, 00, 00, 00, 00, 00, 10, 37, 40, 00, 1C, 37, 40, 00, 20, 37, 40, 00, 24, 37, 40, 00, 18, 37, 40, 00, 60, 34, 40, 00, 7C...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
828 KB (847,872 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdneu.webfilescdn.com  (65.254.40.36:80)

Remove icreinstall_wifi-hopper by mytunisia.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.