installvoodooshield.exe

VoodooShield

VoodooSoft, LLC

The application installvoodooshield.exe by VoodooSoft has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from download.bleepingcomputer.com.

Publisher:
VoodooSoft, LLC (signed by VoodooSoft, LLC)

Product:
VoodooShield

Version:
3.50.0.0

MD5:
55bce82b5158bf5ca03545e4a3b0d7c2

SHA-1:
b1752a6a0db8274ebc6c6334c42cf1483388f95d

SHA-256:
368480d353b87578fcb821dd84ad0948c512af916c19d90b8f9094cef164b2ae

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
5/2/2024 1:13:02 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.CSH (L)

Engine version:
17.2.13.18

File size:
13.4 MB (14,019,992 bytes)

Product version:
3.51

Copyright:
Copyright © VoodooSoft, LLC 2011-2017

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\installvoodooshield.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/6/2016 1:00:00 AM

Valid to:
7/6/2018 12:59:59 AM

Subject:
CN="VoodooSoft, LLC", O="VoodooSoft, LLC", L=Overland Park, S=Kansas, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
03C14383F2C4DE9C0BA8E43449E4B294

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9998

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file installvoodooshield.exe has been seen being distributed by the following URL.

https://download.bleepingcomputer.com/dl/e65d1d4281d4e3ee3ad2ae2c9fbf96d7/58a55e88/windows/security/anti-virus/v/.../InstallVoodooShield.exe
