» windows 7 loader activator v2.9.6.exe
Overview
Analysis
File Details
Behaviors (1)
Network (1)

windows 7 loader activator v2.9.6.exe

WinAutomation Job

Created with WinAutomation (http://www.WinAutomation.com)

The application windows 7 loader activator v2.9.6.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. While running, it connects to the Internet address p3nlhg304c1304.shr.prod.phx3.secureserver.net on port 80 using the HTTP protocol.

File name:

Publisher:

Created with WinAutomation (http://www.WinAutomation.com)

Product:

WinAutomation Job

Version:

3.1.5.637

MD5:

45930ef78651756b74695c255e86db20

SHA-1:

3199d44a07d1ae908b18819cd4f66fa3fd0625b1

SHA-256:

3a1e6270eb3423c30a2a030e4ab76051422995bc8b0abdb6b37dd1237aab29e8

Scanner detections:

22 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

4/25/2024 3:42:00 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Razy.18738

338

AegisLab AV Signature

Troj.FakeSkype

2.1.4+

Avira AntiVirus

TR/Spy.Agent.2564096.2

8.3.3.2

Arcabit

Trojan.Razy.D4932

1.0.0.656

avast!

Win32:Malware-gen

2014.9-160303

AVG

PSW.MSIL

2017.0.2816

Bitdefender

Gen:Variant.Razy.18738

1.0.20.315

Dr.Web

Trojan.DownLoader19.38097

9.0.1.063

Emsisoft Anti-Malware

Gen:Variant.Razy.18738

8.16.03.03.01

ESET NOD32

MSIL/Spy.Agent.AKI (variant)

10.13114

Fortinet FortiGate

PossibleThreat.P0

3/3/2016

F-Secure

Gen:Variant.Razy.18738

11.2016-03-03_5

G Data

Gen:Variant.Razy.18738

16.3.25

IKARUS anti.virus

PUA.InstallCore

t3scan.2.0.8.0

K7 AntiVirus

Spyware

13.214.18915

Kaspersky

Trojan.Win32.Agent.neubnf

14.0.0.575

McAfee

Artemis!45930EF78651

5600.6472

MicroWorld eScan

Gen:Variant.Razy.18738

17.0.0.189

NANO AntiVirus

Trojan.Win32.Agent.easmqa

1.0.18.6677

Qihoo 360 Security

HEUR/QVM03.0.Malware.Gen

1.0.0.1120

Rising Antivirus

PE:Malware.Generic/QRS!1.9E2D [F]

23.00.65.16301

VIPRE Antivirus

Trojan.Win32.Generic

47606

File size:

2.4 MB (2,564,096 bytes)

Product version:

3.1.5.637

Original file name:

tmpE96F.tmp

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

File PE Metadata

Compilation timestamp:

2/28/2016 11:56:54 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

24576:PZK3HLJuhEr1b+T3yA1lcAbbW2SQz9nIDtm9B3YCjsil1z9mVfuVJFg5oK7:hiMR9nIhU1cRuVJFgCK7

Entry address:

0x2620CE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

5.7878

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

2.4 MB (2,494,464 bytes)

User Start Menu Item

Name:

Pro_upg.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to p3nlhg304c1304.shr.prod.phx3.secureserver.net (50.63.38.1:80)

Remove windows 7 loader activator v2.9.6.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.