winamp563_downloader.exe

The application winamp563_downloader.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup program which is used to install the application. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.instalki.pl.
MD5:
db5cb0ffbb1f1fd2125c4d8e8e0d3ff6

SHA-1:
eb76e26f9add50e60e43251fec98fd70ab181d87

SHA-256:
f326737a606173c3557eb5c32d2c4b55838cbc18779afe13843aba12a28b5408

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/26/2024 5:55:00 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | | 7.11.61.192
ESET NOD32 | Win32/InstallCore.AZ (variant) | 8.8024

File size:
1.2 MB (1,238,760 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\winamp563_downloader.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:Mtq0o/nfFzjjaVb85UGC8xSBLF96E8TR+BlS:MtqLHa6CLF96E4s7

Entry address:
0xD85C0

Entry point:
55, 8B, EC, 83, C4, F0, B8, A4, 79, 40, 00, E8, BA, F8, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
877.5 KB (898,560 bytes)

The file winamp563_downloader.exe has been seen being distributed by the following URL.
