InstallRex

Category: Adware and PUAs
Type: Unspecified PUA
Protection available since: 10 Oct 2012 22:59:32 (GMT)
Last Updated: 29 Jul 2014 03:30:48 (GMT)


InstallRex is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

Examples of InstallRex include:

Example 1

File Information

Size: 306K
SHA-1: 00000da361529cc33b2d99293ef1a149947fe559
MD5: 11f08e19c49c99193e98d5e824e7f206
CRC-32: 5e3aad99
File type: Windows executable
First seen: 2013-12-06

Runtime Analysis

Dropped Files
  • C:\Documents and Settings\All Users\Application Data\InstallMate\42C4372C\cfg\4.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\{DE444649-53A7-4E5A-ACB1-1B8505A764BF}\Custom.dll
    Size: 74K
    SHA-1: 49d8ef6835a6de734ead4e0b2cbbc65735cd5c17
    MD5: e8d86c771d7e23b080921b9803f1654c
    CRC-32: 0e5f78b4
    File type: Windows executable
    First seen: 2007-08-25
  • c:\Documents and Settings\test user\Local Settings\Temp\sample.log
  • C:\Documents and Settings\All Users\Application Data\InstallMate\42C4372C\cfg\2_0.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\{DE444649-53A7-4E5A-ACB1-1B8505A764BF}\Setup.exe
  • C:\Documents and Settings\All Users\Application Data\InstallMate\42C4372C\cfg\1.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\Tsu38A53324.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\{DE444649-53A7-4E5A-ACB1-1B8505A764BF}\general_logo.jpg
  • c:\Documents and Settings\test user\Local Settings\Temp\{DE444649-53A7-4E5A-ACB1-1B8505A764BF}\v_grey.jpg
  • c:\Documents and Settings\test user\Local Settings\Temp\{DE444649-53A7-4E5A-ACB1-1B8505A764BF}\Readme.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFC775.tmp
  • c:\Documents and Settings\test user\Local Settings\Temp\{DE444649-53A7-4E5A-ACB1-1B8505A764BF}\Setup.ico
  • c:\Documents and Settings\test user\Local Settings\Temp\{DE444649-53A7-4E5A-ACB1-1B8505A764BF}\_Setup.dll
HTTP Requests
  • http://c1.stylezip.info/
  • http://i1.stylezip.info/images/general_logo.jpg
  • http://i1.stylezip.info/images/v_grey.jpg
DNS Requests
  • c1.stylezip.info
  • i1.stylezip.info
  • r1.stylezip.info

Example 2

File Information

Size: 314K
SHA-1: 00001602edf273083b4daaa5294a18d9307a18b2
MD5: 2f0c50dcaf177097d2efe92d94178428
CRC-32: 05abd8d4
File type: Windows executable
First seen: 2014-02-01

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\sample.log
  • c:\Documents and Settings\test user\Local Settings\Temp\TsuD2C51C9F.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\{0FDD1553-751E-4CB8-AE53-3D3CD43E37A5}\Custom.dll
    Size: 92K
    SHA-1: 5f0546ec86f3e27f0eec4d5d5451edc630907654
    MD5: c9d3d86ee95ae4d20c80de9ddaa8fa40
    CRC-32: f3445fc6
    File type: Windows executable
    First seen: 2014-01-29
  • c:\Documents and Settings\test user\Local Settings\Temp\{0FDD1553-751E-4CB8-AE53-3D3CD43E37A5}\Readme.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\{0FDD1553-751E-4CB8-AE53-3D3CD43E37A5}\_Setup.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\{0FDD1553-751E-4CB8-AE53-3D3CD43E37A5}\Setup.ico
  • c:\Documents and Settings\test user\Local Settings\Temp\{0FDD1553-751E-4CB8-AE53-3D3CD43E37A5}\Setup.exe
HTTP Requests
  • http://c1.getapplicationmy.info/
  • http://c2.getapplicationmy.info/
DNS Requests
  • c1.getapplicationmy.info
  • c2.getapplicationmy.info
  • r1.getapplicationmy.info
  • r2.getapplicationmy.info

Example 3

File Information

Size: 306K
SHA-1: 00002d6ece4affdd02de5da13ab3f9d5b7408a9d
MD5: 9a3e00ec97d67504a90f570782e56798
CRC-32: 3ba3882e
File type: Windows executable
First seen: 2007-08-19

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\{3F64BB47-6100-4551-A7BA-2922E48799B1}\Setup.exe
  • C:\Documents and Settings\All Users\Application Data\InstallMate\BD3D6FD0\cfg\4_2.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\{3F64BB47-6100-4551-A7BA-2922E48799B1}\Readme.txt
  • C:\Documents and Settings\All Users\Application Data\InstallMate\BD3D6FD0\cfg\1.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\sample.log
  • c:\Documents and Settings\test user\Local Settings\Temp\{3F64BB47-6100-4551-A7BA-2922E48799B1}\Custom.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\Tsu08EF48E9.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\{3F64BB47-6100-4551-A7BA-2922E48799B1}\_Setup.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\{3F64BB47-6100-4551-A7BA-2922E48799B1}\v_grey.jpg
  • c:\Documents and Settings\test user\Local Settings\Temp\{3F64BB47-6100-4551-A7BA-2922E48799B1}\general_logo.jpg
  • c:\Documents and Settings\test user\Local Settings\Temp\{3F64BB47-6100-4551-A7BA-2922E48799B1}\Setup.ico
  • c:\Documents and Settings\test user\Local Settings\Temp\~DF5D72.tmp
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ReceiveTimeout: 0x000927c0
HTTP Requests
  • http://c1.stylefun.info/
  • http://i1.stylefun.info/images/ebook_logo.jpg
  • http://i1.stylefun.info/images/v_grey.jpg
DNS Requests
  • c1.stylefun.info
  • i1.stylefun.info
  • r1.stylefun.info
