» iphone-ringtone-maker-2-5-1-en-win-setup.exe
Overview
Analysis
File Details
Downloads (1)

iphone-ringtone-maker-2-5-1-en-win-setup.exe

The application iphone-ringtone-maker-2-5-1-en-win-setup.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from dw4.en.uptodown.com.

File name:

MD5:

dceb1e499d116af40a42c8122e925120

SHA-1:

432fe8bc993b7c77d341106e3bfbe5db81ee2e7e

SHA-256:

ab5dcbcb0867643e03e307808b38fdae7655cf890b75e6935efe9daf880079af

Scanner detections:

16 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

4/24/2024 10:52:45 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

Adware/InstallCore.AI

7.11.122.176

Baidu Antivirus

Adware.Win32.InstallCore

4.0.3.14420

Bkav FE

W32.Clodb40.Trojan

1.3.0.4562

Comodo Security

ApplicUnwnt

17520

Dr.Web

Trojan.Packed.24524

9.0.1.02

ESET NOD32

Win32/InstallCore.BK.Gen

8.9115

Fortinet FortiGate

W32/InstallCore_BK.gen

4/20/2014

F-Prot

W32/InstallCore.R.gen

v6.4.7.1.166

K7 AntiVirus

Trojan

13.174.10656

Malwarebytes

PUP.Optional.InstallCore

v2014.01.02.03

McAfee

Artemis!EBE71C60DD6C

5600.7155

Rising Antivirus

PE:PUA.XPACK-LNR!1.5594

23.00.65.131231

Sophos

InstallCore ToDownload

4.95

Trend Micro House Call

TROJ_GEN.F47V1208

7.2.110

Vba32 AntiVirus

Downware.InstallCore

3.12.24.3

VIPRE Antivirus

InstallCore.b

23870

File size:

602.2 KB (616,648 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

File PE Metadata

Compilation timestamp:

6/20/1992 6:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:QUgMJfsGFoLVqBd1tVCGzU05NtAoDOZ00QR69g/OEVWHL8s:wMJfs+eVY1TyTTG4H

Entry address:

0x98CC

Entry point:

55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8... 
[+]

Entropy:

7.8251

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

36 KB (36,864 bytes)

The file iphone-ringtone-maker-2-5-1-en-win-setup.exe has been seen being distributed by the following URL.

http://dw4.en.uptodown.com/dm/1387021374/.../iphone-ringtone-maker-2-5-1-en-win-setup.exe

Remove iphone-ringtone-maker-2-5-1-en-win-setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.