policedecriture font(saginaw) downloader.exe

Click run software

The application policedecriture font(saginaw) downloader.exe by Click run software has been detected as adware by 19 anti-malware scanners. This is a setup program which is used to install the application. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.policedecriture.com.
Publisher:
Click run software  (signed and verified)

MD5:
c282312c245de264f1e2b0d5c1f8c759

SHA-1:
1f317f9d4bed4e0915811c3b3638cc7833ceacd8

SHA-256:
abca94e1f93c98f5635c9e80fedaea25f33404fb4ee766f1eaa9634ebe434dd7

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/26/2024 11:46:17 PM UTC

Scan engine | Detection | Engine version
AegisLab AV Signature | AdWare.W32.InstallCore | 2.1.4+
Agnitum Outpost | PUA.InstallCore | 7.1.1
Avira AntiVirus | APPL/ClickRun.fqh | 7.11.128.158
AVG | InstallCore | 2015.0.3389
Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.14213
Bkav FE | W32.Clod839.Trojan | 1.3.0.4923
Comodo Security | Application.Win32.ClickRun.A | 17718
Dr.Web | Adware.InstallCore.69 | 9.0.1.044
ESET NOD32 | Win32/InstallCore.AT (variant) | 8.9371
K7 AntiVirus | Unwanted-Program | 13.175.11028
McAfee | Artemis!D1650D49D816 | 5600.7221
NANO AntiVirus | Trojan.Win32.InstallCore.csswtr | 0.28.0.57473
Panda Antivirus | Adware/MultiToolbar | 14.02.13.11
Reason Heuristics | PUP.Clickrunsoftware.i | 14.8.7.20
Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.14211
Vba32 AntiVirus | BScope.Malware-Cryptor.InstallCore.2691 | 3.12.24.3
VIPRE Antivirus | Click run software | 26060

File size:
1 MB (1,079,568 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\policedecriture font(saginaw) downloader.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/19/2012 12:00:00 AM

Valid to:
4/19/2013 11:59:59 PM

Subject:
CN=Click run software, O=Click run software, STREET=63 Rotshylid Shderot, L=Tel-Aviv, S=NA, PostalCode=65785, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A243E49C0DAF69F7C5ACF083EB184161

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:wQ/1RDxmcFxZibnjDXd57gBnSGiAgnc0teTyl7tZsXXzLjk9/g2:FRDxmcnwbnjbd5UBmHnc0t8ydt6XjLjF

Entry address:
0xCAA90

Entry point:
55, 8B, EC, 83, C4, F0, B8, B4, CA, 40, 00, E8, E4, DB, FF, FF, 42, 04, 89, 03, B0, 01, 5E, 5B, C3, 8B, 50, 04, 8B, 08, 89, 0A, 89, 51, 04, 8B, 15, E0, 75, 45, 00, 89, 10, A3, E0, 75, 45, 00, C3, 53, 56, 57, 55, 51, 8B, F1, 89, 14, 24, 8B, E8, 8B, 5D, 00, 8B, 04, 24, 8B, 10, 89, 16, 8B, 50, 04, 89, 56, 04, 8B, 3B, 8B, 43, 08, 8B, D0, 03, 53, 0C, 3B, 16, 75, 14, 8B, C3, E8, B7, FF, FF, FF, 8B, 43, 08, 89, 06, 8B, 43, 0C, 01, 46, 04, EB, 16, 8B, 16, 03, 56, 04, 3B, C2, 75, 0D, 8B, C3, E8, 9A, FF, FF, FF, 8B...
 

Code size:
826 KB (845,824 bytes)

The file policedecriture font(saginaw) downloader.exe has been seen being distributed by the following URL.
