setup_370434.exe

iCentric Corporation

The installer utilizes the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application setup_370434.exe by iCentric has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the installCore installer. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from members.driverguide.com.
Publisher:
iCentric Corporation  (signed and verified)

MD5:
5729bd3190c17a0bf130e69726ea14d7

SHA-1:
2c3848271d9c00760af04212e9d7ba4279c785ff

SHA-256:
c0c051971bc009d1a6a487adb775a160e18471c9411624bd0335f1d49395cf22

Scanner detections:
9 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/23/2024 9:45:46 AM UTC

Scan engine: detection (engine version)

Dr.Web: Adware.Zugo.108 (9.0.1.05190)
ESET NOD32: Win32/InstallMonetizer.AQ potentially unwanted application (7.0.302.0)
Malwarebytes: PUP.Optional.Monetizer (v2014.08.27.11)
NANO AntiVirus: Riskware.Win32.Zugo.lkpve (0.28.2.61861)
Reason Heuristics: PUP.Installer.iCentricCorporation.M (14.8.27.10)
SUPERAntiSpyware: Trojan.Agent/Gen-Downloader (10396)
Trend Micro House Call: HV_ZYX_CA224ACA.TOMC (7.2.239)
Vba32 AntiVirus: Trojan.Scar (3.12.26.3)
Zillya! Antivirus: Trojan.Scar.Win32.57656 (2.0.0.1902)

File size:
567 KB (580,608 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\users\{user}\downloads\setup_370434.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/14/2011 7:00:00 PM

Valid to:
11/14/2012 6:59:59 PM

Subject:
CN=iCentric Corporation, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=iCentric Corporation, L=Los Angeles, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
73786A810B7FD89C972173A18B7A5562

File PE Metadata
Compilation timestamp:
11/5/2011 8:27:51 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:NJYIlIUr41owTtmHgYPW82ImgHTas8NrWr4YYARWP/yYaI1xCLo6yvt:NZlaTtmHJPWBImCTar84XH7x1s8Z1

Entry address:
0x9D40

Entry point:
E8, 1E, FF, FF, FF, 33, C0, 50, 50, 50, 50, E8, 4E, 2C, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, CD, 98, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 1C, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 1C, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, CA, 9C, FF, FF, C3, 55, 8B, EC, 83, EC, 1C, 56, 33, F6, 56, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 18, E2, 40, 00, 85, C0, 74, 21, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 1C, E2, 40, 00, 8D, 45, E4...

Entropy:
7.9156  (probably packed)

Code size:
52 KB (53,248 bytes)

The file setup_370434.exe has been seen being distributed by the following URL.
