» icreinstall_zipopenersetup.exe
Overview
Analysis
File Details
Network (2)

icreinstall_zipopenersetup.exe

JumpyApps

The installer utilizes InstallCore which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_zipopenersetup.exe by JumpyApps has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address os.solvefile.com on port 80 using the HTTP protocol.

File name:

Publisher:

JumpyApps (signed and verified)

MD5:

bf78d31f9090aee9d836c5c70ecc9883

SHA-1:

990a2e4e393c342c5eaef0eb5d67522feed81d67

SHA-256:

0a424e8978482dd9b3458523e56865efd15282cd0611a1e46fb646fe1e05b456

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Utilizes the InstallCore download manager that may bundle various adware-type offers.

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

4/19/2024 10:13:47 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.installCore.JumpyApps.Installer (M)

15.11.22.8

File size:

670.2 KB (686,264 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore

Common path:

C:\users\{user}\appdata\local\temp\icreinstall_zipopenersetup.exe

Digital Signature

Signed by:

JumpyApps

Authority:

COMODO CA Limited

Valid from:

2/17/2013 7:00:00 PM

Valid to:

2/18/2014 6:59:59 PM

Subject:

CN=JumpyApps, O=JumpyApps, STREET=63 Rothschild Blvd., L=Tel Aviv, S=NA, PostalCode=65785, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

6DB423F9C6473168CF486AAF112EDD5C

File PE Metadata

Compilation timestamp:

6/19/1992 6:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:QS3ySJzvtOHgKCXMyTtTQHVAf4GKtI7lOvr/yDVuPgvuzmfVAhy++DpW:BySJzEAK49C1HGKYOvr/yIgvAmtAhyB1

Entry address:

0xBAB4

Entry point:

55, 8B, EC, 83, C4, F4, B8, 54, BA, 40, 00, E8, 70, 96, FF, FF, 68, E0, BA, 40, 00, E8, 72, 97, FF, FF, 68, E0, BA, 40, 00, 6A, 00, E8, 3E, 97, FF, FF, E8, 8D, 75, FF, FF, 00, 64, 73, 61, 64, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.8106

Developed / compiled with:

Microsoft Visual C++

Code size:

43 KB (44,032 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to os.solvefile.com (207.189.109.121:80)

TCP (HTTP):

Connects to cdnus.solvefile.com (207.189.109.121:80)

Remove icreinstall_zipopenersetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.