home

scilors_grooveshark(tm)_downloadersetup.exe

The application scilors_grooveshark(tm)_downloadersetup.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from download.nicesoftwaredonation.com and multiple other hosts.
MD5:
054728cea210c4523bcaac236078394e

SHA-1:
00d0c3b4664b0eb4ec064e31a7ee1a132b047d13

SHA-256:
32f3095b6fa304cd5757e96e151c50df7aa2fca3dc4b4b6915f3e2e485a6128d

Scanner detections:
14 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/26/2024 9:12:12 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/InstallCore.Gen7
7.11.125.180

avast!
Win32:InstallCore-HG [PUP]
2014.9-140104

Bkav FE
W32.Clod5e3.Trojan
1.3.0.4923

Dr.Web
Trojan.Packed.24524
9.0.1.09

ESET NOD32
Win32/InstallCore.FZ
8.9307

K7 AntiVirus
Unwanted-Program
13.175.10881

McAfee
Artemis!054728CEA210
5600.7260

Panda Antivirus
Adware/MultiToolbar
14.01.19.04

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
23.00.65.14102

Sophos
Install Core Click run software
4.96

SUPERAntiSpyware
PUP.InstallCore/Variant
10866

Trend Micro House Call
TROJ_GEN.F47V1113
7.2.4

Vba32 AntiVirus
Downware.InstallCore
3.12.24.3

VIPRE Antivirus
InstallCore
25546

File size:
673.7 KB (689,856 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\scilors_grooveshark(tm)_downloadersetup.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:5kOyMJfsGHBBwyvSfAsdma3PYw979flTH4xLizGGtZgj41nd9QUjZlr3YTOTY2/H:mOyMJfsfyvSfAsdmWQS9VYxOzGeg+d9f

Entry address:
0x98CC

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)

The file scilors_grooveshark(tm)_downloadersetup.exe has been seen being distributed by the following 3 URLs.

http://download.nicesoftwaredonation.com/download.php?EsetProtoscanCtx=ab5d3c0

http://download.nicesoftwaredonation.com/download.php

http://www.scilor.com/grooveshark/.../serve.php?version=0.4.12

Remove scilors_grooveshark(tm)_downloadersetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.