home

rapidload.exe

My Program

Open Source Developer

The application rapidload.exe, “My Program Setup ” by Open Source Developer has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from d14gbdnn5fokdd.cloudfront.net and multiple other hosts.
Publisher:
Open Source Developer  (signed and verified)

Product:
My Program

Description:
My Program Setup

MD5:
b59be71b23309c49b80ff7d635c8c809

SHA-1:
17247c7fca84656c8e58a8443076eef1a58ce027

SHA-256:
8f59169f7bd621770e20e33491ffeb9ce68fd6dc7445e9255c2116a04f8013af

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/24/2024 11:49:35 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/InstallCore.Gen9
7.11.169.62

Baidu Antivirus
Adware.Win32.InstallCore
4.0.3.14826

ESET NOD32
Win32/InstallCore.PZ (variant)
8.10312

Fortinet FortiGate
Riskware/InstallCore
8/26/2014

Qihoo 360 Security
Win32/Virus.Adware.f22
1.0.0.1015

SUPERAntiSpyware
PUP.InstallCore/Variant
10397

Trend Micro House Call
Suspicious_GEN.F47V0818
7.2.238

File size:
707.5 KB (724,440 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\rapidload.exe

Digital Signature
Signed by:
Open Source Developer

Authority:
Unizeto Technologies S.A.

Valid from:
11/14/2013 3:54:26 AM

Valid to:
11/14/2014 3:54:26 AM

Subject:
E=admin@mediacodec.org, CN=Open Source Developer, OU=Software Publishing, O=Open Source Developer, C=PL

Issuer:
CN=Certum Level III CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
39A416F8FFA5E48B147ADBE062E63C90

File PE Metadata
Compilation timestamp:
6/19/1992 4:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:zMGvpJZ4Rp3tUkMFzH5svj4AjjMJegcbIleDUEj/Ti2I4SBVqvEaz91BiRfg6wuq:zHvXZ4n3tBhj4JJ+mwUEj/TzOqMsBCov

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.8565

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file rapidload.exe has been seen being distributed by the following 3 URLs.

http://d14gbdnn5fokdd.cloudfront.net/.../Rapidload.exe

http://cdn.windowsetup.com/.../Rapidload.exe

http://windowsetup.com/.../?product=rapidload&io=A004&ad=pop&ua=gc&clk=0

Remove rapidload.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.