home

samsung-mobile-phone-usb-driver-software.exe

The application samsung-mobile-phone-usb-driver-software.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. According to Microsoft Security Essentials, the software includes a bundle of the DealPly adware which is installed on a user's PC during setup using the InstallCore platform.
MD5:
20309b78562bd017eab1c539eb8b6a69

SHA-1:
9e5abb2427ea07149ce7c0cda94fe2891730d496

SHA-256:
39361e41046dca34b7544f8a22d7d54eff1a9b6733c476f0b980fea08b6bb1fb

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
This software bundler installs other potentially unwanted software, including DealPly. Which includes offers in a user's web browser which state they are "Powered by DealPly".

Analysis date:
5/9/2024 11:31:10 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.InstallCore
7.1.1

Avira AntiVirus
APPL/UpdateStar.IE
7.11.82.152

AVG
MalSign.InstallC
2015.0.3391

Comodo Security
ApplicUnwnt
17893

Dr.Web
Adware.Downware.1283
9.0.1.0217

ESET NOD32
Win32/InstallCore.BL
8.8587

Fortinet FortiGate
W32/InstallCore.BL
8/5/2014

F-Prot
W32/InstallCore.R.gen
4.6.5.141

herdProtect (fuzzy)
variant of icreinstall_microsoft-net-framework-client-profile.exe (PUP)
2014.9.12.16

IKARUS anti.virus
SoftwareBundler
t3scan.2.2.29

K7 AntiVirus
Unwanted-Program
13.176.11351

McAfee
Artemis!AB9D1673DAC1
5600.7047

Microsoft Security Essentials
SoftwareBundler:Win32/DealPly
1.10302

nProtect
Adware/W32.Agent.605800
14.03.05.01

Rising Antivirus
PE:Malware.InstallCore!6.1B8
23.00.65.14803

Sophos
Install Core Installer
4.91

Trend Micro House Call
TROJ_FAKEAV.BMC
7.2.217

Trend Micro
TROJ_FAKEAV.BMC
10.465.05

Vba32 AntiVirus
Downware.InstallCore
3.12.24.3

VIPRE Antivirus
InstallCore.b
19718

File size:
591.6 KB (605,800 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\samsung-mobile-phone-usb-driver-software.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:si5yMJfsrpeD214TFl2cwlZpyW6fQ2u2uFF8eUHpEda+jN:fyMJfs9Rc2cYcWf1X8XHpsN

Entry address:
0x98CC

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)

Remove samsung-mobile-phone-usb-driver-software.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.