» makeup-pilot-452-baixaki-32-bits-4102012121744.exe
Overview
Analysis
File Details
Downloads (1)

makeup-pilot-452-baixaki-32-bits-4102012121744.exe

The application makeup-pilot-452-baixaki-32-bits-4102012121744.exe has been detected as a potentially unwanted program by 8 anti-malware scanners. This is a setup program which is used to install the application. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from dl.baixaki.com.br.

File name:

MD5:

d2ad6722ce0614e9914b7cc22e7ba05b

SHA-1:

587c46aa9afb72c748b13ffa09563c9791d67745

SHA-256:

609f968caf808ac0a1fcb361943670f325fc7e45ac91f105fda21be6142df676

Scanner detections:

8 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

4/26/2024 6:11:45 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Adware.InstallCore.72

9.0.1.0185

ESET NOD32

Win32/InstallCore.AY (variant)

10.7945

F-Prot

W32/InstallCore.P2.gen

v6.4.6.5.141

Reason Heuristics

PUP.InstallCore.ENG (M)

16.7.3.6

SUPERAntiSpyware

Trojan.Agent/Gen-Artemis

9044

Trend Micro House Call

HV_INSTALLBAI_BK083E0C.TOMC

7.2.185

Vba32 AntiVirus

Malware-Cryptor.InstallCore.9

3.12.18.5

VIPRE Antivirus

Trojan.Win32.Generic

15278

File size:

1.1 MB (1,101,688 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\makeup-pilot-452-baixaki-32-bits-4102012121744.exe

File PE Metadata

Compilation timestamp:

6/19/1992 10:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:WuiW8LUoaP80hQkAN42diMxOv8cgstU1dqqXy3F:WuiJLonekA8A+gstUfq6

Entry address:

0xCACC0

Entry point:

55, 8B, EC, 83, C4, F0, B8, 5C, DA, 40, 00, E8, 95, F7, FF, FF, 80, 11, 48, 00, 8B, C0, FF, 25, EC, 11, 48, 00, 8B, C0, FF, 25, 7C, 11, 48, 00, 8B, C0, FF, 25, 78, 11, 48, 00, 8B, C0, FF, 25, 74, 11, 48, 00, 8B, C0, FF, 25, 04, 12, 48, 00, 8B, C0, FF, 25, 00, 12, 48, 00, 8B, C0, FF, 25, FC, 11, 48, 00, 8B, C0, FF, 25, 70, 11, 48, 00, 8B, C0, FF, 25, 6C, 11, 48, 00, 8B, C0, FF, 25, 14, 12, 48, 00, 8B, C0, FF, 25, 10, 12, 48, 00, 8B, C0, FF, 25, 0C, 12, 48, 00, 8B, C0, FF, 25, 68, 11, 48, 00, 8B, C0, FF, 25... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

828 KB (847,872 bytes)

The file makeup-pilot-452-baixaki-32-bits-4102012121744.exe has been seen being distributed by the following URL.

http://dl.baixaki.com.br/programas/.../makeup-pilot-452-baixaki-32-bits-4102012121744.exe

Remove makeup-pilot-452-baixaki-32-bits-4102012121744.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.