mb-free-feng-shui-bagua_Lisisoft_Installer.exe

The application mb-free-feng-shui-bagua_Lisisoft_Installer.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.searchinstocks.com.
MD5:
e0de8f8cab7cfc0e504de175e8c67754

SHA-1:
d47e2f4a9720396ecd110297b2b1bf458186dbb3

SHA-256:
e081ae52fb8e12edbdf554c692c369c43c44cbad6206230a91371f0c0c930896

Scanner detections:
13 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/25/2024 8:58:36 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | APPL/Downloader.Gen6 | 7.11.142.76 |
| avast! | Win32:InstallCore-EK [PUP] | 2014.9-140410 |
| AVG | MalSign.InstallCore | 2015.0.3509 |
| Bkav FE | HW32.Laneul | 1.3.0.4959 |
| Dr.Web | Adware.InstallCore.55 | 9.0.1.0100 |
| ESET NOD32 | Win32/InstallCore.AF (variant) | 8.9658 |
| F-Prot | W32/InstallCore.V2.gen | v6.4.7.1.166 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.04.10.01 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.14408 |
| Trend Micro House Call | HV_INSTALLCORE_BK0843AF.TOMC | 7.2.100 |
| Vba32 AntiVirus | BScope.Malware-Cryptor.InstallCore.2691 | 3.12.26.0 |
| VIPRE Antivirus | Click run software | 28184 |

File size:
1.1 MB (1,167,848 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\mb-free-feng-shui-bagua_lisisoft_installer.exe

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:2lGNJE2bbh6hHZ/M4mnzWn29iSzE1Y3tjHej72k/4c79gq4t+59:rNbh6hHZ/M4mzCb16jenZ4UKq4E

Entry address:
0xC96B0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 1C, F4, 41, 00, E8, A5, FF, FF, FF, FF, FF, 83, 7C, 24, 04, 00, 74, 33, 8D, 4C, 24, 0C, 8D, 54, 24, 04, 8B, C5, E8, 5D, FB, FF, FF, 83, 7C, 24, 0C, 00, 75, B1, 8D, 4C, 24, 0C, 8B, 54, 24, 08, 8B, 44, 24, 04, E8, 25, FD, FF, FF, 8B, 04, 24, 33, D2, 89, 10, E9, 90, 00, 00, 00, 8D, 4C, 24, 04, 8B, D7, 8B, C6, E8, 94, FC, FF, FF, 83, 7C, 24, 04, 00, 74, 34, 8D, 4C, 24, 0C, 8D, 54, 24, 04, 8B, C5, E8, 16, FB, FF, FF, 83, 7C, 24, 0C, 00, 0F, 85, 66, FF, FF, FF, 8D, 4C, 24, 0C, 8B, 54...
 

Entropy:
7.0730

Developed / compiled with:
Microsoft Visual C++

Code size:
817.5 KB (837,120 bytes)

The file mb-free-feng-shui-bagua_Lisisoft_Installer.exe has been seen being distributed by the following URL.