video_downloader.exe

InstallCore Ltd.

The application video_downloader.exe by InstallCore has been detected as adware by 21 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.downloads-center.com and multiple other hosts.
Publisher:
InstallCore Ltd.  (signed and verified)

MD5:
e9844a19ef112b08c20777e57c3f8d85

SHA-1:
db141532f05d706a229beb87654ab18d7385d286

SHA-256:
d3d68fd40c4f42f73db2110e80bd25686054f2a8b1b7c2e1ae8667a9ed18c7d4

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
5/8/2024 5:48:34 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Strictor.29707 | 879 |
| Avira AntiVirus | | 7.11.132.242 |
| Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.1498 |
| Bitdefender | Gen:Variant.Adware.Strictor.29707 | 1.0.20.1255 |
| Clam AntiVirus | W32.Adware.InstallCore | 0.98/18355 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.Agent.~A | 17818 |
| Dr.Web | Adware.InstallCore.40 | 9.0.1.0251 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Strictor.29707 | 8.14.09.08.07 |
| ESET NOD32 | Win32/InstallCore (variant) | 8.9449 |
| F-Prot | W32/InstallCore.C.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Strictor.29707 | 11.2014-08-09_2 |
| G Data | Gen:Variant.Adware.Strictor.29707 | 14.9.24 |
| McAfee | Artemis!E9844A19EF11 | 5600.7013 |
| MicroWorld eScan | Gen:Variant.Adware.Strictor.29707 | 15.0.0.753 |
| NANO AntiVirus | Riskware.Win32.WebToolbarInst.utxfq | 0.28.0.57630 |
| Reason Heuristics | PUP.InstallCore.Q | 14.9.8.19 |
| Rising Antivirus | PE:PUF.InstallCore!1.9DE1 | 23.00.65.14906 |
| Trend Micro House Call | TROJ_GEN.R0CBOH0KU13 | 7.2.251 |
| Vba32 AntiVirus | Adware.InstallCore.gen | 3.12.24.3 |
| VIPRE Antivirus | InstallCore | 26670 |
| XVirus List | Win32.Detected | 2.9.8 |

File size:
1012.8 KB (1,037,072 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\video_downloader.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/20/2012 6:00:00 PM

Valid to:
2/20/2013 5:59:59 PM

Subject:
CN=InstallCore Ltd., OU=Support, O=InstallCore Ltd., STREET=Nisim Aloni 21, L=Tel Aviv, S=N/A, PostalCode=62919, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0088971791FBF6CE4920268CDF6A0A825F

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:3XKziL9Hv/i+2aw2bHnVrkAI1rc7CJjmB4wJTmw5/G:HKziLt/i+2aw2bHnVrkP1rc7CBk4WTmR

Entry address:
0xC194A

Entry point:
55, 8B, EC, 83, C4, F0, B8, 16, CC, 47, 00, E8, E1, F4, FF, FF, C3, C7, C5, CF, 06, CF, 68, 60, AE, C2, E0, 90, C2, 62, F7, 06, C2, 4F, 2B, B4, CC, A2, 60, E4, ED, 86, 89, C5, 29, 30, 48, 14, E1, F3, EE, 9D, AF, 55, 88, B8, D3, 3F, A8, EF, CE, DB, 43, 75, C8, A4, BF, 27, DD, AD, 0C, 31, 6D, 40, 67, 95, 02, 46, 1E, 2E, 81, 25, 7C, EE, A0, F4, A5, 70, D9, 49, 19, 1A, 63, EC, 16, 6E, E1, 3F, 2C, 49, CB, 28, 91, 1C, C0, BD, 2F, 6E, 55, 18, 61, 3D, FD, F7, E4, F1, 2B, 27, 7B, 0C, C0, CB, 28, C2, 6B, 0B, 1E, 2D...
 

Entropy:
6.6207

Developed / compiled with:
Microsoft Visual C++

Code size:
786.5 KB (805,376 bytes)

The file video_downloader.exe has been seen being distributed by the following 2 URLs.
