home

icreinstall_wireless-wep-key-password-spy.exe

UpdateStar GmbH

The installer utilizes InstallCore which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_wireless-wep-key-password-spy.exe by UpdateStar GmbH has been detected as a potentially unwanted program by 10 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address os.solvefile.com on port 80 using the HTTP protocol.
Publisher:
UpdateStar GmbH  (signed and verified)

MD5:
4caa7614d93b1da3ee8ac97595b5969b

SHA-1:
bcef1e11372c4a8668a68eb17ef44d3e4f1e6ae1

SHA-256:
ebe8cad880941acc773c211e81dd38b2485a5bc98e34029c2934de27aba91b1d

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/27/2024 1:11:17 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/InstallCore.Gen7
7.11.128.170

Dr.Web
Trojan.KillProc.30849
9.0.1.047

ESET NOD32
Win32/InstallCore.JE.gen (variant)
8.9372

Malwarebytes
PUP.Optional.Installcore
v2014.02.16.05

McAfee
Artemis!AD5E8193F922
5600.7217

Reason Heuristics
PUP.UpdateStarGmbH.j
14.2.16.17

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
23.00.65.14214

Trend Micro House Call
TROJ_GEN.F47V0131
7.2.47

Vba32 AntiVirus
Downware.InstallCore
3.12.24.3

VIPRE Antivirus
InstallCore.b
26086

File size:
669 KB (685,056 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_wireless-wep-key-password-spy.exe

Digital Signature
Signed by:
UpdateStar GmbH

Authority:
COMODO CA Limited

Valid from:
1/2/2013 12:00:00 AM

Valid to:
1/2/2016 11:59:59 PM

Subject:
CN=UpdateStar GmbH, O=UpdateStar GmbH, STREET=Hauptstraße 20, L=Berlin, S=Berlin, PostalCode=10827, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009ED227324380B40DDE36C8D31A33831F

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:7vptvVqpPXo+HrdkNuX3MmmJalSXGUhjvmWLVGozhj/OuP/th:7vXvV0ddkz82vJGozhj/3h

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Code size:
37 KB (37,888 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdneu.webfilescdn.com  (65.254.40.36:80)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.