install codec pack804274.exe

Installer

GreenBottleSoftware Inc.

The application install codec pack804274.exe by GreenBottleSoftware has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
GreenBottleSoftware Inc.  (signed and verified)

Product:
Installer

Version:
15.9.28.27

MD5:
e2434d7f69a2b15fb029f3cf5db423ae

SHA-1:
da4621a597553f9550150b09bc9ece7053113ee7

SHA-256:
e73aae99b608bff8c4d7bd70d8ca33b8a0a13f8feb7ac0f76d70a9d09be621d1

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Analysis date:
4/26/2024 2:26:03 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.GreenBottleSoftware.Installer (M)

Engine version:
16.1.21.22

File size:
727.4 KB (744,872 bytes)

Product version:
15.9.28.27

Copyright:
Copyright 2012

Original file name:
installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\install codec pack804274.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
3/29/2013 6:18:22 PM

Valid to:
3/29/2016 6:18:22 PM

Subject:
CN=GreenBottleSoftware Inc., O=GreenBottleSoftware Inc., L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
07C97E877D6A20

File PE Metadata
Compilation timestamp:
11/7/2013 6:37:35 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:Id8tgcMP+/iCT7jQ1h3BJEFaCDRriEvJsqPqXCJxfclwqJDik4XvRtZ5BD4z4q4M:MA5TUtHM6D8UOODlqlz4z4q4444SfQ

Entry address:
0xC2FF

Entry point:
E8, 5E, 43, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 80, 34, 42, 00, 00, 75, 18, E8, A9, 3B, 00, 00, 6A, 1E, E8, F3, 39, 00, 00, 68, FF, 00, 00, 00, E8, 30, 31, 00, 00, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 80, 34, 42, 00, FF, 15, F8, 90, 41, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, 84, 34, 42, 00, 74, 0D, 53, E8, 80, 24, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, 00, 05, 00, 00, 89, 30, E8, F9, 04, 00, 00, 89...

Code size:
95 KB (97,280 bytes)
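The PE metadata above (compilation timestamp, OS version, subsystem, linker version, entry address, code size) comes straight from the DOS, COFF and optional headers of the executable. The following Python is an added example, not code from this page or from Reason Core Security, showing how those fields and the MD5/SHA-1/SHA-256 values are read from a file. Because the reported binary is not reproduced here, the sample input is a constructed header-only PE32 image carrying the same header values as the report; its hashes will not match the ones listed above.

```python
"""Added example: read the PE header fields a triage report lists and
compute file hashes. Sample input is a constructed PE32 header carrying
the values shown in the report; it is not the reported file."""
import hashlib
import struct
from datetime import datetime, timezone

# IMAGE_SUBSYSTEM_* values from the PE/COFF specification
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the raw bytes, as a scanner report lists them."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def parse_pe_metadata(data: bytes) -> dict:
    """Return compile time, target OS version, subsystem, linker version,
    entry-point RVA, code size and bitness from the DOS, COFF and optional
    headers. Section tables are not needed for these fields."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (missing MZ)")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE\\0\\0 signature")
    coff = e_lfanew + 4
    (machine, _nsections, timestamp, _symtab, _nsyms,
     _opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                       # COFF file header is 20 bytes
    magic, maj_link, min_link, size_code = struct.unpack_from("<HBBI", data, opt)
    if magic not in (0x10B, 0x20B):       # PE32 / PE32+
        raise ValueError(f"unexpected optional header magic {magic:#x}")
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    # OS version and Subsystem sit at the same offsets in PE32 and PE32+
    maj_os, min_os = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "machine": machine,
        "bitness": "Win32" if magic == 0x10B else "Win64",
        "compiled_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "os_version": f"{maj_os}.{min_os}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "linker_version": f"{maj_link}.{min_link}",
        "entry_address": entry_rva,
        "code_size": size_code,
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image (headers only) with the header values
    the report lists: compile time 2013-11-07 18:37:35 UTC, OS 5.1, GUI
    subsystem, linker 10.0, entry 0xC2FF, code size 97,280 bytes."""
    ts = int(datetime(2013, 11, 7, 18, 37, 35, tzinfo=timezone.utc).timestamp())
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)      # e_lfanew: PE header follows DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 3, ts, 0, 0, 224, 0x0102)  # I386, 3 sections, EXE
    opt = bytearray(224)                          # PE32 optional header size
    struct.pack_into("<HBBI", opt, 0, 0x10B, 10, 0, 97280)  # magic, linker 10.0, SizeOfCode
    struct.pack_into("<I", opt, 16, 0xC2FF)       # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 1)        # Major/MinorOperatingSystemVersion
    struct.pack_into("<H", opt, 68, 2)            # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    sample = build_sample_pe()
    for key, value in parse_pe_metadata(sample).items():
        print(f"{key}: {value}")
    for name, digest in file_hashes(sample).items():
        print(f"{name}: {digest}")
```

To triage a real sample, replace `build_sample_pe()` with the bytes of the file on disk; the compile timestamp is attacker-controlled and worth comparing against the certificate validity window and the "valid from" date of the signature shown above.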

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

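The domains, IP addresses, file hash and temp-directory execution path listed on this page are the indicators a responder would sweep logs for. The Python below is an added example, not code from this page or from Reason Core Security, that matches those indicators against constructed proxy and process-creation log lines in a simple key=value format; the log format, the internal source addresses and the benign entries are assumptions made for the example.

```python
"""Added example: sweep constructed log lines for the indicators the report
lists (two domains, two IPs, the SHA-256, execution from %LOCALAPPDATA%\\Temp)."""
import re

# Indicators copied from the report
IOC_DOMAINS = {"www.softologic.com", "www.ibbalance.com"}
IOC_IPS = {"174.37.181.31", "173.192.190.227"}
IOC_SHA256 = "e73aae99b608bff8c4d7bd70d8ca33b8a0a13f8feb7ac0f76d70a9d09be621d1"

# Executable launched directly from the user's local temp directory,
# matching the "Common path" shown in the report
TEMP_EXEC_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\[^\\]+\.exe$", re.IGNORECASE)

# key=value tokens; values containing spaces are double-quoted
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample logs (assumed format, not real captures).
# 198.51.100.7 is a documentation address used for the benign line.
SAMPLE_PROXY_LOG = """\
2024-04-26T02:26:03Z src=10.0.0.15 dst=173.192.190.227 dport=443 host=www.ibbalance.com proto=tls
2024-04-26T02:26:04Z src=10.0.0.15 dst=174.37.181.31 dport=80 host=www.softologic.com proto=http
2024-04-26T02:26:05Z src=10.0.0.16 dst=198.51.100.7 dport=443 host=example.com proto=tls
"""
SAMPLE_PROCESS_LOG = """\
2024-04-26T02:25:59Z event=process_create image="C:\\Users\\alice\\AppData\\Local\\Temp\\install codec pack804274.exe" sha256=e73aae99b608bff8c4d7bd70d8ca33b8a0a13f8feb7ac0f76d70a9d09be621d1
2024-04-26T02:26:10Z event=process_create image="C:\\Windows\\System32\\notepad.exe" sha256=0000000000000000000000000000000000000000000000000000000000000000
"""


def parse_kv(line: str) -> dict:
    """Split a log line into its key=value fields, stripping quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def match_line(line: str) -> list:
    """Return the indicator types a line matches, in a fixed order
    (domain, ip, sha256, exec_from_user_temp); empty list if none."""
    fields = parse_kv(line)
    hits = []
    host = fields.get("host", "").lower()
    if host in IOC_DOMAINS:
        hits.append(f"domain:{host}")
    if fields.get("dst") in IOC_IPS:
        hits.append(f"ip:{fields['dst']}")
    if fields.get("sha256", "").lower() == IOC_SHA256:
        hits.append("sha256")
    if TEMP_EXEC_RE.match(fields.get("image", "")):
        hits.append("exec_from_user_temp")
    return hits


def scan(log: str) -> list:
    """Return (line, hits) for every line that matches at least one indicator."""
    results = []
    for line in log.splitlines():
        hits = match_line(line)
        if hits:
            results.append((line, hits))
    return results


if __name__ == "__main__":
    for line, hits in scan(SAMPLE_PROXY_LOG) + scan(SAMPLE_PROCESS_LOG):
        print(", ".join(hits), "<-", line)
```

The temp-path rule on its own is noisy (legitimate installers also run from there); it is useful as a second signal next to a hash or network indicator, not as a standalone detection.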
Remove install codec pack804274.exe - Powered by Reason Core Security