installer_mcafee_english.exe

Statscom

This is the Tightrope WebInstall, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application installer_mcafee_english.exe by Statscom has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the Tightrope WebInstall installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from mcafee.descargar.es.
Publisher:
Statscom  (signed and verified)

MD5:
95e802e1bd86f49355049bc947db7168

SHA-1:
29b879f1c0cc7d78cd44b169461dd3fb36095f2d

SHA-256:
4979aa03b94865486b8ce6d7970be7b02f70e91d76267d50f42b6da23a1233e3

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/3/2024 12:19:04 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Downware | 2014.12.03 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.30.172 |
| AVG | Generic | 2015.0.3340 |
| Clam AntiVirus | Win.Adware.Downloadadmin | 0.98/19431 |
| Dr.Web | Adware.Downware.2220 | 9.0.1.0268 |
| ESET NOD32 | Win32/DownloadAdmin (variant) | 8.10816 |
| F-Secure | Adware:W32/WebInstallBundle | 11.2014-25-09_5 |
| IKARUS anti.virus | Trojan.Dropper | t3scan.1.8.3.0 |
| Malwarebytes | PUP.Optional.DownloadAdmin | v2014.09.25.03 |
| NANO AntiVirus | Riskware.Win32.Downware.djahkt | 0.28.6.63850 |
| Norman | InstallCore.WQEC | 11.20141207 |
| Reason Heuristics | PUP.Statscom.Y | 14.9.30.13 |
| VIPRE Antivirus | Threat.4783369 | 35224 |

File size:
824.5 KB (844,328 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Tightrope WebInstall (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\installer_mcafee_english.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/22/2014 1:00:00 AM

Valid to:
7/22/2017 12:59:59 AM

Subject:
CN=Statscom, O=Statscom, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
168FC1E941808849273C2F629E69FF2D

File PE Metadata
Compilation timestamp:
7/15/2014 5:29:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:IxpJfslZtuaVd9lpmhwQbift489IVGD4xJFl6Xqb5Kbmkg8SUT:Mp9sVuaVdvgVbmgGDijyikg5m

Entry address:
0x3345

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, B0, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, C0, 70, 40, 00, 53, FF, 15, 88, 72, 40, 00, 6A, 08, A3, B8, 3C, 42, 00, E8, 2E, 25, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 3B, 42, 00, 8D, 44, 24, 38, 50, 53, 68, 43, 74, 40, 00, FF, 15, 64, 71, 40, 00, 68, 38, 74, 40, 00, 68, C0, 33, 42, 00, E8, 1F, 24, 00, 00, FF, 15, BC, 70, 40, 00, 50, BF, 00, 90, 42, 00, 57, E8, 0D, 24, 00, 00...
Entropy:
7.4919

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file installer_mcafee_english.exe has been seen being distributed by the following URL.