home

ix7000ndwin255_ntwin255de.exe

My Program

UpdateStar GmbH

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application ix7000ndwin255_ntwin255de.exe, “My Program Setup ” by UpdateStar GmbH has been detected as a potentially unwanted program by 20 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
UpdateStar GmbH  (signed and verified)

Product:
My Program

Description:
My Program Setup

MD5:
2ebffd13d19adca4b74d1d440add2c40

SHA-1:
0313b4a7b045557799c252b5e672936e49ec4e96

SHA-256:
0ec3d87557c69894e8ad266d583fd0ef8e1571acb0862aa069e78729ac21867d

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
4/26/2024 11:06:04 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Avira AntiVirus
Adware/InstallCore.PR.1
7.11.178.236

AVG
Generic
2016.0.3179

Baidu Antivirus
Adware.Win32.InstallCore
4.0.3.1535

Clam AntiVirus
Win.Trojan.Installcore-199
0.98/20153

Comodo Security
Application.Win32.Installcore.OG
19815

Dr.Web
Trojan.Packed.28339
9.0.1.064

ESET NOD32
Win32/InstallCore.PR potentially unwanted application
9.7.0.302.0

Fortinet FortiGate
Riskware/InstallCore
3/5/2015

herdProtect (fuzzy)
variant of adobeairinstaller.exe (PUP)
2015.6.12.15

K7 AntiVirus
Unwanted-Program
13.184.13704

Malwarebytes
PUP.Optional.InstallCore
v2015.03.06.12

McAfee
Artemis!0FF6F0092547
5600.6835

Norman
InstallCore.WQDY
11.20150306

Reason Heuristics
PUP.Installer.UpdateStarGmbH
15.3.5.23

Sophos
PUA 'Install Core Click run software'
5.11

SUPERAntiSpyware
Trojan.Agent/Gen-Packer
10015

Trend Micro House Call
Suspicious_GEN.F47V0725
7.2.64

Vba32 AntiVirus
Malware-Cryptor.InstallCore.gen
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
33980

Zillya! Antivirus
Adware.InstallCore.Win32.245
2.0.0.1957

File size:
749.8 KB (767,824 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\ix7000ndwin255_ntwin255de.exe

Digital Signature
Signed by:
UpdateStar GmbH

Authority:
VeriSign, Inc.

Valid from:
6/9/2014 8:00:00 PM

Valid to:
6/10/2015 7:59:59 PM

Subject:
CN=UpdateStar GmbH, OU=IT, O=UpdateStar GmbH, L=Berlin, S=Berlin, C=DE

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
71A04D21E9F4BB6E19C3CB7D720E6245

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:tk6FaJv8TUco9B++8QK9qd1R2E32LzkCtCTeJHPyom7g+8/mie2LhSTmK3B7DYny:tk6FcGUcKntK9YR2EmMTiHPrmBiToB7z

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.8471

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

Remove ix7000ndwin255_ntwin255de.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.