home

npwe_z5l.exe

Installer

NEXT-POINT (OOO Next-Point)

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The file npwe_z5l.exe, “Installer Setup ” by NEXT-POINT (OOO Next-Point) has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Software Installer   (signed by NEXT-POINT (OOO Next-Point))

Product:
Installer

Description:
Installer Setup

Version:
3.5.1.5

MD5:
aaedfc98ad99e291b19c395df6a15d08

SHA-1:
b2b6a89181ea27794d77b4f36fb16373f5ec114c

SHA-256:
23ea4947b60a7d7ecfcb7bd383116624b94e059dc67f8ad0673e6ca5293d8fa1

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/25/2024 7:06:07 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.InstallCore
7.1.1

Avira AntiVirus
PUA/InstallCore.YL
3.6.1.96

avast!
Trojan-gen
2014.9-150328

AVG
Generic
2016.0.3156

Bkav FE
W32.HfsAdware
1.3.0.6379

Comodo Security
Application.Win32.InstallCore.AGK
21591

Dr.Web
Trojan.InstallCore.206
9.0.1.087

ESET NOD32
Win32/InstallCore.YL potentially unwanted application
9.7.0.302.0

herdProtect (fuzzy)
variant of adobe_flash_setup.exe (Adware)
2015.7.3.8

K7 AntiVirus
Adware
13.202.15414

Reason Heuristics
Threat.installCore.Installer
15.4.14.13

VIPRE Antivirus
Threat.4786018
38552

File size:
765.1 KB (783,472 bytes)

Product version:
3.7.8

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Local settings\temp\npwe_z5l.exe.part

Digital Signature
Signed by:
NEXT-POINT (OOO Next-Point)

Authority:
COMODO CA Limited

Valid from:
1/21/2015 7:00:00 PM

Valid to:
1/22/2016 6:59:59 PM

Subject:
CN=NEXT-POINT (OOO Next-Point), O=NEXT-POINT (OOO Next-Point), STREET=Prospekt Leninskii 95, L=Moscow, S=Moscow, PostalCode=119313, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
75E61A7B437F0F49B6A02FAA99CD28AC

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:kJwbGxVrF3tYuPCoUCx8ZDD/Aa33mWczfHvJi3j1XCD8gAvVUo6OzW7QXY25h8:kJwbUZF9vgCgh33mWcLPJ47VV3x67QN8

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.6668

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

Remove npwe_z5l.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.