home

photoscape-365-32-bits.exe

The application photoscape-365-32-bits.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. According to Microsoft Security Essentials, the software includes a bundle of the DealPly adware which is installed on a user's PC during setup using the InstallCore platform. The file has been seen being downloaded from dl.cdn.baixaki.com.br and multiple other hosts.
MD5:
fdeb0a7dd96cb833c190e3e73cfcc110

SHA-1:
7cc0fb12869e12bf730a7805cb0acb6e16f4a125

SHA-256:
b386dc292a5f94acf073a0843e1cf7bb6d012b1f068f6242d0d3b7c8583cfb95

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
This software bundler installs other potentially unwanted software, including DealPly. Which includes offers in a user's web browser which state they are "Powered by DealPly".

Analysis date:
4/24/2024 3:53:24 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.InstallCore
7.1.1

Avira AntiVirus
ADWARE/InstallCore.Gen7
7.11.106.104

AVG
MalSign.InstallC
2016.0.3205

Bkav FE
W32.Clodc72.Trojan
1.3.0.4613

Comodo Security
UnclassifiedMalware
17073

Dr.Web
Trojan.Packed.24524
9.0.1.038

ESET NOD32
Win32/InstallCore.CA.gen (variant)
9.8891

Fortinet FortiGate
Riskware/InstallCore_CA
2/7/2015

F-Prot
W32/InstallCore.R4.gen
v6.4.7.1.166

IKARUS anti.virus
SoftwareBundler
t3scan.2.0.127

K7 AntiVirus
Trojan
13.177.11984

Malwarebytes
PUP.Optional.InstallCore
v2015.02.07.05

McAfee
Artemis!0A7264A613B4
5600.6861

Microsoft Security Essentials
SoftwareBundler:Win32/DealPly
1.163.1557.0

NANO AntiVirus
Riskware.Win32.InstallCore.ddoubc
0.28.2.61861

Sophos
Install Core Click run software
4.98

Trend Micro House Call
TROJ_GEN.F47V0802
7.2.38

Trend Micro
TROJ_FAKEAV.BMC
10.465.07

Vba32 AntiVirus
Downware.InstallCore
3.12.26.0

VIPRE Antivirus
InstallCore.b
22200

File size:
648.4 KB (663,912 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\photoscape-365-32-bits.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:QyMJfsGJQEGWkDQOY5t41H8Dulsr/6c0mnRuYWiUcgNBXGzk+cyBmRvM:QyMJfsVEGdR1AulsbxuD4aB2o4B

Entry address:
0x98CC

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)

The file photoscape-365-32-bits.exe has been seen being distributed by the following 2 URLs.

http://dl.cdn.baixaki.com.br/programas/46101/.../photoscape-365-32-bits.exe

http://dl.cdn.baixaki.com.br/programas/34357/.../itunes-11055-32-bits.exe

Remove photoscape-365-32-bits.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.