home

icreinstall_zipopenersetup.exe

JumpyApps

The installer utilizes InstallCore which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_zipopenersetup.exe by JumpyApps has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address os.solvefile.com on port 80 using the HTTP protocol.
Publisher:
JumpyApps  (signed and verified)

MD5:
8d7f2ffffbd17a15370c54be50494de7

SHA-1:
22e02ee9907d114209d1ed18ee128ecaac7e647d

SHA-256:
e04643b1ba8117ffc8fb713a2ae534f361f257f075d8867d03ee88d911c43ebe

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/24/2024 1:25:56 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.DownloadManager
2014.06.07

Avira AntiVirus
TR/Trash.Gen
7.11.30.172

AVG
Adware InstallCore.JD
2014.0.4253

Comodo Security
Application.Win32.Installcore.IJU
18458

Dr.Web
Trojan.Packed.24524
9.0.1.072

ESET NOD32
Win32/InstallCore.JF potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/InstallCore_JE
3/13/2015

G Data
Win32.Application.InstallCore
15.3.24

herdProtect (fuzzy)
variant of zipopenersetup.exe (Adware)
2015.6.19.19

K7 AntiVirus
Unwanted-Program
13.1712333

Malwarebytes
PUP.Optional.JumpyApps
v2015.03.13.01

McAfee
Artemis!FC85EF608D5D
5600.6827

NANO AntiVirus
Trojan.Win32.Kryptik.cwezfs
0.28.0.60100

Panda Antivirus
Trj/Genetic.gen
15.03.13.01

Reason Heuristics
PUP.Bundler.ironSource
15.3.13.13

Sophos
Install Core Click run software
4.98

Trend Micro House Call
TROJ_GEN.F47V0208
7.2.72

VIPRE Antivirus
Trojan.Win32.Generic
30022

File size:
655.3 KB (670,976 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_zipopenersetup.exe

Digital Signature
Signed by:
JumpyApps

Authority:
COMODO CA Limited

Valid from:
2/17/2013 7:00:00 PM

Valid to:
2/18/2014 6:59:59 PM

Subject:
CN=JumpyApps, O=JumpyApps, STREET=63 Rothschild Blvd., L=Tel Aviv, S=NA, PostalCode=65785, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6DB423F9C6473168CF486AAF112EDD5C

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:68fSvsZCMwgxRqnUgXuAdT6I+8t5BQpLi3vg5Iczlp0mEpHCjo8wgvsPl4xSeGfT:6EZ1wMN4uAQI+k5BQpefgSxmEpHCscRo

Entry address:
0x8440

Entry point:
55, 8B, EC, 83, C4, EC, 33, C0, 89, 45, F0, 89, 45, EC, B8, 08, 84, 40, 00, E8, 48, C8, FF, FF, 33, C0, 55, 68, BD, 84, 40, 00, 64, FF, 30, 64, 89, 20, E8, 51, A2, FF, FF, 85, C0, 7E, 33, 8D, 55, F0, B8, 09, 00, 00, 00, E8, A0, A2, FF, FF, 8B, 45, F0, 50, B8, 64, 00, 00, 00, E8, EA, A2, FF, FF, 8D, 55, EC, E8, 42, D5, FF, FF, 8B, 55, EC, 58, E8, 5D, B0, FF, FF, 75, 05, E8, B2, FE, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, 68, C4, 84, 40, 00, 8D, 45, EC, BA, 02, 00, 00, 00, E8, 78, AD, FF, FF, C3, E9, 0E, A8...
 
[+]

Entropy:
7.8394

Developed / compiled with:
Microsoft Visual C++

Code size:
29.5 KB (30,208 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdneu.webfilescdn.com  (65.254.40.36:80)

Remove icreinstall_zipopenersetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.