video_to_mp3_setup_nortonsecurity3_d2m_demo.exe

ironCdemo

The application video_to_mp3_setup_nortonsecurity3_d2m_demo.exe by ironCdemo has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from dnld.ironcustapps.com.
Publisher:
ironCdemo  (signed and verified)

MD5:
1fa66d9c6053b890bddf34a28f808ab6

SHA-1:
465ffa8a767187b3858c69038ef22031169f7481

SHA-256:
a6f8274cd49af25325a92884d4cf47c3443a7a243efdbaad25d8d4cf1f876694

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/24/2024 1:10:31 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | PUA/InstallCore.Gen | 3.6.1.96
AVG | InstallC | 2016.0.3144
ESET NOD32 | Win32/InstallCore.VW potentially unwanted application | 7.0.302.0
F-Prot | W32/A-2d45491d | v6.4.7.1.166
Vba32 AntiVirus | | 3.12.26.3

File size:
681.5 KB (697,808 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\video_to_mp3_setup_nortonsecurity3_d2m_demo.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
10/7/2013 3:00:00 AM

Valid to:
10/8/2014 2:59:59 AM

Subject:
CN=ironCdemo, O=ironCdemo, STREET=Lilinblum 28, L=Tel Aviv, S=Israel, PostalCode=6513307, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
15D8078242920800FDA26F46F1CCF23D

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:NivprSdRYvaFypvpZ/buIMN3ixdFeq87QiIk6O8c2Ptqjjq0+nodAvN:Niv5SddIpDuIMNSVee99O8ftq/bKl

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Entropy:
7.7687

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file video_to_mp3_setup_nortonsecurity3_d2m_demo.exe has been seen being distributed by the following URL.