» realtek-high-definition-audio-codecs.exe
Overview
Analysis
File Details
Downloads (2)

realtek-high-definition-audio-codecs.exe

The application realtek-high-definition-audio-codecs.exe has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from download2.dobreprogramy.pl and multiple other hosts a web site host known to distribute potentially unwanted software operated by dobreprogramy sp. z o.o..

File name:

MD5:

f54d6954d0be662ce9ac32bcd5f72321

SHA-1:

abef5bfd978d759b36e7259588e26636276c6a03

SHA-256:

631b96406cdcd800743f0cc6d558cd0fdd18d60ded9cd680458dd534dc326cb1

Scanner detections:

9 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

4/25/2024 4:27:15 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/InstallCore.Gen7

7.11.169.82

avast!

Win32:Downloader-TQO [PUP]

2014.9-140902

Dr.Web

Adware.InstallCore.107

9.0.1.0245

ESET NOD32

Win32/InstallCore.BL

8.8237

F-Prot

W32/InstallCore.R.gen

v6.4.6.5.141

Rising Antivirus

PE:Malware.XPACK-LNR/Heur!1.5594

23.00.65.14831

Trend Micro House Call

TROJ_GEN.F47V0503

7.2.245

Vba32 AntiVirus

Downware.InstallCore

3.12.26.3

VIPRE Antivirus

Threat.5063361

32210

File size:

691.1 KB (707,656 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Common path:

C:\users\{user}\downloads\realtek-high-definition-audio-codecs.exe

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:IjJfsx5s2Pkb6T/Ud1MA5cWxDdlJGF8tQhvauOLiNCfV6qvh/gHZp+F:CJfsXs2PczHcAUF8tQEiNWZ/g5p+F

Entry address:

0x98CC

Entry point:

55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

36 KB (36,864 bytes)

The file realtek-high-definition-audio-codecs.exe has been seen being distributed by the following 2 URLs.

http://download2.dobreprogramy.pl/.../x86

http://download2.dobreprogramy.pl/.../x64

Remove realtek-high-definition-audio-codecs.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.