word 2.exe

ISBRInstaller

The installer utilizes the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application word 2.exe by ISBRInstaller has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the installCore installer. According to Microsoft Security Essentials, the software includes a bundle of the DealPly adware, which is installed on a user's PC during setup using the InstallCore platform.
Publisher:
ISBRInstaller  (signed and verified)

MD5:
11a4e65ab86f95e12222616183ebe156

SHA-1:
e6a2b10a12653d774948db6b3037959687920c84

SHA-256:
991942d093b5e2693e8d644886ff8bffd0da25fb9b1cd1ad1cf9894822161db4

Scanner detections:
23 / 68

Status:
Adware

Explanation:
This software bundler installs other potentially unwanted software, including DealPly, which includes offers in a user's web browser that state they are "Powered by DealPly".

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 10:42:27 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.InstallCore | 7.1.1 |
| Avira AntiVirus | | 7.11.106.148 |
| AVG | MalSign.InstallC | 2016.0.3167 |
| Bkav FE | W32.Clod447.Trojan | 1.3.0.4613 |
| Comodo Security | ApplicUnwnt | 17076 |
| Dr.Web | Trojan.Packed.24524 | 9.0.1.076 |
| ESET NOD32 | Win32/InstallCore.CA.gen (variant) | 9.8724 |
| Fortinet FortiGate | Riskware/InstallCore_CA | 3/17/2015 |
| F-Prot | W32/InstallCore.R2.gen | v6.4.7.1.166 |
| herdProtect (fuzzy) | | 2015.6.23.9 |
| IKARUS anti.virus | SoftwareBundler | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.174.10679 |
| Malwarebytes | | v2015.03.17.02 |
| McAfee | Artemis!6EBF57E2F60E | 5600.6823 |
| Microsoft Security Essentials | | 1.163.1557.0 |
| NANO AntiVirus | Riskware.Win32.InstallCore.ddoubc | 0.28.2.61861 |
| Qihoo 360 Security | Win32/Virus.Adware.94c | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.ironSource | 15.3.17.14 |
| Trend Micro House Call | TROJ_GEN.F47V0802 | 7.2.76 |
| Trend Micro | TROJ_FAKEAV.BMC | 10.465.17 |
| Vba32 AntiVirus | | 3.12.26.0 |
| VIPRE Antivirus | InstallCore.b | 20854 |

File size:
648.4 KB (663,912 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/16/2013 9:00:00 PM

Valid to:
7/17/2014 8:59:59 PM

Subject:
CN=ISBRInstaller, O=ISBRInstaller, STREET=Ronthschilde 63, L=Tel Aviv, S=Tel Aviv, PostalCode=6527319, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
158EF632B1D9C77CF5AAB6A9367E7FCE

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:QyMJfsGJQEGWkDQOY5t41H8Dulsr/6c0mnRuYWiUcgNBXGzk+cyBmRvM:QyMJfsVEGdR1AulsbxuD4aB2o4B

Entry address:
0x98CC

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)
