"Install Core Installer" is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.
Examples of Install Core Installer include:
Example 1
File Information
- Size
- 577K
- SHA-1
- 000121fe9c537b03033fc6d2340114d1331380e8
- MD5
- 28ce3fa1cfea51ac0305cb9855c8fe4c
- CRC-32
- e060eb04
- File type
- Windows executable
- First seen
- 2012-07-12
Runtime Analysis
Registry Keys Modified
- HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
- Name
- test_item.exe
HTTP Requests
- http://cdneu.webfilescdn.com/Prod/FLVPlayer-v2.cis
- http://cdnus.webfilescdn.com/Prod/FLVPlayer-v2.cis
DNS Requests
- cdneu.webfilescdn.com
- cdnus.webfilescdn.com
- os.webfilescdn.com
Example 2
File Information
- Size
- 519K
- SHA-1
- 000da0ad742dbacd22ab3e1988c9c22ddca3ae10
- MD5
- 7f659cbc0abebfae646274db114901af
- CRC-32
- 5c742504
- File type
- Windows executable
- First seen
- 2012-07-18
Runtime Analysis
Copies Itself To
- c:\Documents and Settings\test user\Local Settings\Temp\ICReinstall_sample.exe
Dropped Files
- c:\Documents and Settings\test user\Local Settings\Temp\ish109234\css\sdk-ui\checkbox.css
- Size
- 190
- SHA-1
- 50f84ef8331341b48981af82313b146863eba526
- MD5
- 64773c6b0e3413c81aebc46cce8c9318
- CRC-32
- 19f79d2c
- File type
- Cascading Style Sheet
- First seen
- 2011-02-04
- c:\Documents and Settings\test user\Local Settings\Temp\ish109234\css\sdk-ui\browse.css
- Size
- 318
- SHA-1
- 4a2fc034bf7b4e84d832b6bbd9413d2055b9ec62
- MD5
- 10c359bc980927bb66b215407ece3e66
- CRC-32
- 2be79f4c
- File type
- Cascading Style Sheet
- First seen
- 2011-06-28
- c:\Documents and Settings\test user\Local Settings\Temp\is1590112554\117869_Setup.CIS
- Size
- 519K
- SHA-1
- 3d4a73d29ad11b0a303da5f67fea4e5c7b8b32ec
- MD5
- 2f9258acb673e4c1a00eb3beb4c8650d
- CRC-32
- ee092db2
- File type
- Unspecified binary - probably data
- First seen
- 2011-02-25
- c:\Documents and Settings\test user\Local Settings\Temp\ish109234\css\sdk-ui\images\button-bg.png
- Size
- 131
- SHA-1
- a1615c118fbfa49253d98185eae283f26ea392d7
- MD5
- 98b1de48dfa64dc2aa1e52facfbee3b0
- CRC-32
- 55349b32
- File type
- PNG (Portable Network Graphics) image format
- First seen
- 2011-02-04
- c:\Documents and Settings\test user\Local Settings\Temp\ish109234\blank.gif
- c:\Documents and Settings\test user\Local Settings\Temp\ish109234\css\main.css
- Size
- 4.3K
- SHA-1
- 15685fda209fe48f7f3b78d2aea2b874c2e42042
- MD5
- 124d618ec97ff6100f59554a7e8414b3
- CRC-32
- e4160738
- File type
- Cascading Style Sheet
- First seen
- 2012-03-16
- c:\Documents and Settings\test user\Desktop\Continue FLV Player Installation.lnk
- Size
- 894
- SHA-1
- 34b960896919da48864650163b3190e9f07be8f1
- MD5
- b6ff85c3346ff9b47390a9611335f228
- CRC-32
- 18148394
- File type
- Windows Shortcut file (.LNK)
- First seen
- 2012-07-18
- c:\Documents and Settings\test user\Local Settings\Temp\ish109234\css\sdk-ui\button.css
- Size
- 417
- SHA-1
- 4ec405f2668d5d93260525ad916abafa2414cb72
- MD5
- 37e1ff96e084ec201f0d95feef4d5e94
- CRC-32
- 7df9208e
- File type
- Cascading Style Sheet
- First seen
- 2011-02-04
- c:\Documents and Settings\test user\Local Settings\Temp\ish109234\css\ie6_main.css
- Size
- 1.2K
- SHA-1
- e7488b4b7363b011aa82abbce84f914e3329750a
- MD5
- 69b3f7194795871e6eac286439118ddd
- CRC-32
- b67b6418
- File type
- Cascading Style Sheet
- First seen
- 2012-03-16
- c:\Documents and Settings\test user\Local Settings\Temp\ish109234\css\sdk-ui\images\progress-bg.png
- Size
- 2.8K
- SHA-1
- 1c1baec7b7fe7a420ccf68d3112384b44f8ba89e
- MD5
- 32a6846fe53388eb03be3ada2221297f
- CRC-32
- 185ef92f
- File type
- PNG (Portable Network Graphics) image format
- First seen
- 2010-11-02
- c:\Documents and Settings\test user\Local Settings\Temp\ish109234\images\icon.png
- Size
- 4.0K
- SHA-1
- 265b9a3f3c80f40f8534ddcfbf9c1ed61e3b1b20
- MD5
- b460d82eab7af8ba6e338e351dd0ecdc
- CRC-32
- fd5630f9
- File type
- PNG (Portable Network Graphics) image format
- First seen
- 2012-03-16
- c:\Documents and Settings\test user\Local Settings\Temp\ish109234\images\Bg.gif
- Size
- 21K
- SHA-1
- 18a1300c684442bffb41dcba54d30c72888f48ec
- MD5
- 94d82a50272a4423dca66ae32e0602ca
- CRC-32
- 1a37b87d
- File type
- Graphic interchange format
- First seen
- 2012-03-16
- c:\Documents and Settings\test user\Local Settings\Temp\is1590112554\923313444.cfg
- Size
- 236
- SHA-1
- d88993cea2000f9f469cdc9560a1406c3ff86593
- MD5
- eaefaeff2850a30d5c07c6c9a1fa8363
- CRC-32
- 43aa53e8
- File type
- Base64 encoded
- First seen
- 2012-07-18
- c:\Documents and Settings\test user\Local Settings\Temp\ish109234\css\buttons.css
- Size
- 1.2K
- SHA-1
- ff395834bb8ff730b31c1daefc8ff197ce280ad0
- MD5
- a84fee16240de0d25f1b3ec8df25a11c
- CRC-32
- afa9d3f9
- File type
- Cascading Style Sheet
- First seen
- 2012-03-16
- c:\Documents and Settings\test user\Local Settings\Temp\is1590112554\822155676.cfg
- Size
- 236
- SHA-1
- 252652f44f59bd89c886d080a5df5e2f3ba5bfe1
- MD5
- c150e76f59de3a78676027b4fd4d0f18
- CRC-32
- d092d643
- File type
- Base64 encoded
- First seen
- 2012-07-18
- c:\Documents and Settings\test user\Local Settings\Temp\ish109234\css\sdk-ui\progress-bar.css
- Size
- 632
- SHA-1
- 88f079fd001feb2cb302565b87fdb81c8995dd93
- MD5
- 8f6a2e09ace79158461b82d74ff6c7fd
- CRC-32
- abef9d5d
- File type
- Cascading Style Sheet
- First seen
- 2012-03-16
- c:\Documents and Settings\test user\Local Settings\Temp\ish109234\images\next-button.png
- Size
- 2.4K
- SHA-1
- bb5253c868861ff10fd48dcce1309d847f087e80
- MD5
- 274548cb843bb96fcb50a79a2340b22d
- CRC-32
- f817eb1e
- File type
- PNG (Portable Network Graphics) image format
- First seen
- 2012-03-16
- c:\Documents and Settings\test user\Local Settings\Temp\ish109234\images\close_button.png
- Size
- 1.4K
- SHA-1
- c173be4937a63672570078b325864c76b28040b8
- MD5
- 83487401daf307d6c726a479de1ee6f9
- CRC-32
- 6f6bf5ce
- File type
- PNG (Portable Network Graphics) image format
- First seen
- 2012-03-16
- c:\Documents and Settings\test user\Local Settings\Temp\ish109234\images\progress-bg.png
- Size
- 176
- SHA-1
- 4130ba10d3bb2267f19fa07dc0672e6ba23a8c4e
- MD5
- 192b249d9413082d676f85d1509fe258
- CRC-32
- 284673fb
- File type
- PNG (Portable Network Graphics) image format
- First seen
- 2012-03-16
- c:\Documents and Settings\test user\Local Settings\Temp\ish109234\images\next-button-over.png
- Size
- 2.4K
- SHA-1
- 513234aec8111706e7031090bd85f26e524821d8
- MD5
- 23802443dcdd0cb5dcc00f1d3bd9cfe6
- CRC-32
- 359447e1
- File type
- PNG (Portable Network Graphics) image format
- First seen
- 2012-03-16
- c:\Documents and Settings\test user\Local Settings\Temp\ish109234\images\loader.gif
- Size
- 6.2K
- SHA-1
- a2b8147953636de537c66afb06105a3889a55915
- MD5
- 85954ea60a946e9c41e33260cee2bbc4
- CRC-32
- a0d5923d
- File type
- Graphic interchange format
- First seen
- 2012-03-16
- c:\Documents and Settings\test user\Local Settings\Temp\ish109234\images\finish-button.png
- Size
- 2.3K
- SHA-1
- e21be5ea412b4dc02b7d3a61ab3a798946224cae
- MD5
- e37ec66b72996fc3ad929cd068570d4d
- CRC-32
- 22eff3aa
- File type
- PNG (Portable Network Graphics) image format
- First seen
- 2012-03-16
- c:\Documents and Settings\test user\Local Settings\Temp\ish109234\license.txt
- Size
- 19K
- SHA-1
- 546e8db4ecbba7a701d36a3b1b263c9d9b60d384
- MD5
- 75a5340d5a321f4f889e7891336a3478
- CRC-32
- 36ec47d5
- File type
- ASCII text / 8-bit Unicode Transformation Format
- First seen
- 2012-03-16
- c:\Documents and Settings\test user\Local Settings\Temp\ish109234\images\ProgressBar.png
- Size
- 266
- SHA-1
- 339d70c35d53f322908be28dd80002379b739921
- MD5
- 0e0aead9873f985325c78c564830b2da
- CRC-32
- 6128f1be
- File type
- PNG (Portable Network Graphics) image format
- First seen
- 2012-03-16
- c:\Documents and Settings\test user\Local Settings\Temp\ish109234\images\Progress.png
- Size
- 333
- SHA-1
- 57d2e50c9f6345d6a81b2d766d31d92ed741f822
- MD5
- 2306755853711f1cb2f97cfc90440fb8
- CRC-32
- f012e3f8
- File type
- PNG (Portable Network Graphics) image format
- First seen
- 2012-03-16
- c:\Documents and Settings\test user\Local Settings\Temp\ish109234\locale\EN.locale
- Size
- 2.4K
- SHA-1
- c4108cb3c4154c28511c71329cc97202024ce962
- MD5
- 4c8238a01db1ac103d3e876ab77c02ea
- CRC-32
- edc2e02c
- File type
- ASCII text / 8-bit Unicode Transformation Format
- First seen
- 2012-03-16
Registry Keys Created
- HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
- Name
- test_item.exe
Registry Keys Modified
- HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
- ID
- 0x2a425e19
HTTP Requests
- http://cdneu.flvplayerpro.net/app/Cmp/FLVPlayer-v2.cis
- http://cdnus.flvplayerpro.net/app/Cmp/FLVPlayer-v2.cis
DNS Requests
- cdneu.flvplayerpro.net
- cdnus.flvplayerpro.net
- os.flvplayerpro.net
Example 3
File Information
- Size
- 557K
- SHA-1
- 000f9c5628b078477b0340e8eb45844da9895543
- MD5
- 5803cd61485657d3ef4465d26fbf1c29
- CRC-32
- cdcd41ac
- File type
- Windows executable
- First seen
- 2012-02-04
Runtime Analysis
Copies Itself To
- c:\Documents and Settings\test user\Local Settings\Temp\ICReinstall_sample.exe
Dropped Files
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\images\close_button.png
- Size
- 1.2K
- SHA-1
- b9968e5cb49d8607eca39d1bb77dd6c7ec78ed0b
- MD5
- 77804bd31b703f61b2c3de518cd25d38
- CRC-32
- 0652477e
- File type
- PNG (Portable Network Graphics) image format
- First seen
- 2011-01-01
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\css\sdk-ui\browse.css
- Size
- 318
- SHA-1
- 4a2fc034bf7b4e84d832b6bbd9413d2055b9ec62
- MD5
- 10c359bc980927bb66b215407ece3e66
- CRC-32
- 2be79f4c
- File type
- Cascading Style Sheet
- First seen
- 2011-06-28
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\locale\EN.locale
- Size
- 2.0K
- SHA-1
- d97050e501e09e859f49ac871b9ad645b8273359
- MD5
- 299ce8700041e3e688a29747e0d3b804
- CRC-32
- 2edb971b
- File type
- ASCII text / 8-bit Unicode Transformation Format
- First seen
- 2011-06-27
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\css\main.css
- Size
- 3.8K
- SHA-1
- 8f2d54747f7e34b16311e435448a32cf23e6abd1
- MD5
- a57feadde7e5a4d66d498841fe67f10b
- CRC-32
- 6fa789db
- File type
- Cascading Style Sheet
- First seen
- 2011-07-11
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\defaultOffer\US\offer_code.dat
- Size
- 7.6K
- SHA-1
- df923a6f06efb95f8ffc768d99e80cebfadc7b1a
- MD5
- 278fc4f3f366776d295797d6e840da33
- CRC-32
- 5a2e0d79
- File type
- JavaScript
- First seen
- 2012-01-13
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\css\buttons.css
- Size
- 1.2K
- SHA-1
- c3110a2cc7c003c37b9cdb77f57dbd39bc7ae35b
- MD5
- f03b9fcc0266083e3230b560e77a9793
- CRC-32
- 2b6fa2ff
- File type
- Cascading Style Sheet
- First seen
- 2011-07-11
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\images\icon.png
- Size
- 6.6K
- SHA-1
- 6b6f07d0cebe9eb54d0a125f83ec52533ccaea8b
- MD5
- de79607318368d7d82fefaef312c6fea
- CRC-32
- ec0f70e0
- File type
- PNG (Portable Network Graphics) image format
- First seen
- 2011-01-01
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\images\skip-button.png
- Size
- 1.4K
- SHA-1
- fd05f5b1d3f7c22d2e552e5710a87c8377df5e9d
- MD5
- db6ed921d71eb71d0f2e472655163128
- CRC-32
- 35e99774
- File type
- PNG (Portable Network Graphics) image format
- First seen
- 2011-01-01
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\images\progress-bg.png
- Size
- 2.8K
- SHA-1
- 1c1baec7b7fe7a420ccf68d3112384b44f8ba89e
- MD5
- 32a6846fe53388eb03be3ada2221297f
- CRC-32
- 185ef92f
- File type
- PNG (Portable Network Graphics) image format
- First seen
- 2010-11-02
- c:\Documents and Settings\test user\Local Settings\Temp\is1438683437\131593377.cfg
- Size
- 234
- SHA-1
- 7c6c0641cca09fba4eaa3328f6fe8056548a3689
- MD5
- 2e807e23b184ae1a75d958b00b8a26d2
- CRC-32
- 94c84fc3
- File type
- application/octet-stream
- First seen
- 2012-02-04
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\images\finish_button.jpg
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\css\sdk-ui\button.css
- Size
- 417
- SHA-1
- 4ec405f2668d5d93260525ad916abafa2414cb72
- MD5
- 37e1ff96e084ec201f0d95feef4d5e94
- CRC-32
- 7df9208e
- File type
- Cascading Style Sheet
- First seen
- 2011-02-04
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\images\next-button-over.png
- Size
- 1.8K
- SHA-1
- 49503ccd3413d83e8e10ac37a90d923c30f22ab2
- MD5
- ff919dec157ed5280b16f1766eda5fe7
- CRC-32
- 38cf3078
- File type
- PNG (Portable Network Graphics) image format
- First seen
- 2011-01-01
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\css\sdk-ui\images\button-bg.png
- Size
- 131
- SHA-1
- a1615c118fbfa49253d98185eae283f26ea392d7
- MD5
- 98b1de48dfa64dc2aa1e52facfbee3b0
- CRC-32
- 55349b32
- File type
- PNG (Portable Network Graphics) image format
- First seen
- 2011-02-04
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\css\sdk-ui\progress-bar.css
- Size
- 501
- SHA-1
- da659b6a37b18c26a8f7342f93c03fe649ab6344
- MD5
- 5ccd1d0dc39bb6ae4cd6b58f0b310eb0
- CRC-32
- 1601b666
- File type
- Cascading Style Sheet
- First seen
- 2011-02-22
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\css\ie6_main.css
- Size
- 1.3K
- SHA-1
- e2ceb7a77eeb5570650c0c08a32529892ac40b2a
- MD5
- eb6ece534abd5370e99a5e70b7ac3775
- CRC-32
- 263b9eaa
- File type
- Cascading Style Sheet
- First seen
- 2011-01-01
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\defaultOffer\offer_html.dat
- Size
- 3.0K
- SHA-1
- c7e9492888824ab18630493ed491ab1a12091752
- MD5
- 2cfb9e2a6c87aa189dd551214876bed1
- CRC-32
- 371cc8a8
- File type
- Unspecified Markup Language
- First seen
- 2011-07-20
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\images\next-button.png
- Size
- 1.8K
- SHA-1
- 50611ec8622ee27aa65b53005e89bb705c3f4aa6
- MD5
- 480bc7cc2b6e44d314da14ce58fc8681
- CRC-32
- f394fb4a
- File type
- PNG (Portable Network Graphics) image format
- First seen
- 2011-01-01
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\blank.gif
- c:\Documents and Settings\test user\Desktop\Continue FoxTab Music Converter Installation.lnk
- Size
- 894
- SHA-1
- 7aa0cae9f8e5ae3fb717d501fa2f3f9db3824ab0
- MD5
- d3ea7ce5d4a32b900b469a128280789f
- CRC-32
- 6920b917
- File type
- application/octet-stream
- First seen
- 2012-02-04
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\css\sdk-ui\images\progress-bg.png
- Size
- 2.8K
- SHA-1
- 1c1baec7b7fe7a420ccf68d3112384b44f8ba89e
- MD5
- 32a6846fe53388eb03be3ada2221297f
- CRC-32
- 185ef92f
- File type
- PNG (Portable Network Graphics) image format
- First seen
- 2010-11-02
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\defaultOffer\US\offer_html.dat
- Size
- 9.2K
- SHA-1
- 2deec8ddf72018a88abde178fe1dcb53626932fc
- MD5
- f27fc7cb95c1f35983b55dc694f35e6a
- CRC-32
- b9ff313d
- File type
- Unspecified Markup Language
- First seen
- 2012-01-13
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\images\back-button.png
- Size
- 1.3K
- SHA-1
- b3b4248e492727690c2adc7306a8ea0cd675b2ef
- MD5
- c5d63a3d40ff748895cf763749e8b931
- CRC-32
- 153dff79
- File type
- PNG (Portable Network Graphics) image format
- First seen
- 2011-01-01
- c:\Documents and Settings\test user\Local Settings\Temp\is1438683437\1572444273.cfg
- Size
- 234
- SHA-1
- f21b22a7b78a5930d07263feac36dfba4885d09b
- MD5
- 06ad310791db83581823c4d4558a6a5d
- CRC-32
- 80702d6d
- File type
- application/octet-stream
- First seen
- 2012-02-04
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\images\Software.png
- Size
- 30K
- SHA-1
- 2e0e2dcc43580f4e02676401247937a84eb4428a
- MD5
- 037277cc7c83e5ce275dbcd95f6b44ea
- CRC-32
- d6669baf
- File type
- PNG (Portable Network Graphics) image format
- First seen
- 2010-09-29
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\images\loader.gif
- Size
- 22K
- SHA-1
- 032ae1e422af859d78d172e918573fb0f55318de
- MD5
- 360281e85620142c3329848262da263d
- CRC-32
- d4355efe
- File type
- Graphic interchange format
- First seen
- 2010-11-02
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\images\Bg.jpg
- Size
- 14K
- SHA-1
- 61848c9ffa2cc889cf7053340f8f1f6e2493a2fb
- MD5
- 7979c0c1720c8020cd6b2c4c439c8dc1
- CRC-32
- 241b9bdb
- File type
- JPEG Interchange Format
- First seen
- 2011-01-01
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\images\finish-button.png
- Size
- 1.8K
- SHA-1
- 1f7d30c90a8f07917ec043a11f29028949fb7fd9
- MD5
- bde927ddfe21e4acbe1331b93b019883
- CRC-32
- fd067536
- File type
- PNG (Portable Network Graphics) image format
- First seen
- 2011-01-01
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\license.txt
- Size
- 19K
- SHA-1
- 0bbd50bba392c24c8b1a5d43a9c04f52bc5e3586
- MD5
- 1c6db3fa84a99ba1d82520ac8214f3da
- CRC-32
- ee299467
- File type
- ASCII text / 8-bit Unicode Transformation Format
- First seen
- 2011-06-02
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\css\sdk-ui\checkbox.css
- Size
- 190
- SHA-1
- 50f84ef8331341b48981af82313b146863eba526
- MD5
- 64773c6b0e3413c81aebc46cce8c9318
- CRC-32
- 19f79d2c
- File type
- Cascading Style Sheet
- First seen
- 2011-02-04
- c:\Documents and Settings\test user\Local Settings\Temp\ish119875\defaultOffer\offer_code.dat
- Size
- 2.0K
- SHA-1
- fbb0b5dcd2cf4131f2819733d59ad5394f522449
- MD5
- 1d89ad332b73d8b7a065a0a9b119779e
- CRC-32
- 44e549c9
- File type
- JavaScript
- First seen
- 2012-01-01
Registry Keys Created
- HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
- Name
- test_item.exe
Registry Keys Modified
- HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
- ID
- 0x2a425e19
HTTP Requests
- http://cdneu.solvefile.com/Prod/AudioConverter-v2.cis
- http://cdnus.solvefile.com/Prod/AudioConverter-v2.cis
DNS Requests
- cdneu.solvefile.com
- cdnus.solvefile.com
- os.solvefile.com