One Installer

Category: Adware and PUAs Protection available since:23 Apr 2013 22:46:14 (GMT)
Type: Unspecified PUA Last Updated:30 May 2013 20:04:36 (GMT)

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

"One Installer" is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

Examples of One Installer include:

Example 1

File Information

Size
505K
SHA-1
0dac8ecba9fb8581e12ae03fee9118f5109baaad
MD5
08ed2b473c205e84d780bca71cfa1168
CRC-32
9ae7ee50
File type
Windows executable
First seen
2013-05-26

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsu3.tmp\NSISdl.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsu3.tmp\OneInstallerLicense_DE.txt
    Size
    7.5K
    SHA-1
    0ece803452634288eb181c4c5045699bc1c0d941
    MD5
    9687db60dff5507d9cd8d004e7e3a26e
    CRC-32
    25404346
    File type
    Windows Codepage 1252
    First seen
    2012-12-08
  • c:\Documents and Settings\test user\Local Settings\Temp\nsu3.tmp\inetc.dll
    Size
    76K
    SHA-1
    5a72a6a18514bed5fcae00f891f1c540bbd3341f
    MD5
    ba2746d730da7f0fcac4866adfef6f51
    CRC-32
    18725eb2
    File type
    Windows executable
    First seen
    2012-05-22
  • c:\Documents and Settings\test user\Local Settings\Temp\nsu3.tmp\nsDialogs.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsu3.tmp\headerleft.bmp
    Size
    151K
    SHA-1
    adb5814cfb2b290820ac5fdbe39b1be93361538c
    MD5
    b51c0193322f26226ddc917a7a68b601
    CRC-32
    d6f964bf
    File type
    Device-independent bitmap (DIB) file
    First seen
    2013-04-21
  • c:\Documents and Settings\test user\Local Settings\Temp\nsu3.tmp\OneInstallerLicense_EN.txt
    Size
    6.5K
    SHA-1
    c57878fb3c23dfc878fe7e8a1d2c5a059fbe3a78
    MD5
    74ce34310e88cb92f4d9ba4ec0b0b73e
    CRC-32
    57f76458
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-07-10
  • c:\Documents and Settings\test user\Local Settings\Temp\nsu3.tmp\modern-wizard.bmp
    Size
    151K
    SHA-1
    adb5814cfb2b290820ac5fdbe39b1be93361538c
    MD5
    b51c0193322f26226ddc917a7a68b601
    CRC-32
    d6f964bf
    File type
    Device-independent bitmap (DIB) file
    First seen
    2013-04-21
  • c:\Documents and Settings\test user\Local Settings\Temp\nsu3.tmp\nsArray.dll
    Size
    6.0K
    SHA-1
    1d9a116d55be1beb0089e392d5ae342e2bffa8a4
    MD5
    7b42ce0bb387ae8a452136da404bf6b0
    CRC-32
    6760433d
    File type
    Windows executable
    First seen
    2012-12-08
  • c:\Documents and Settings\test user\Local Settings\Temp\nsu3.tmp\OneInstallerLicense_ES.txt
    Size
    7.3K
    SHA-1
    018175a8863d89d3bbce563e383388f14c3f0415
    MD5
    43dd6f9a89f9fabf70dd273f52993408
    CRC-32
    f9416bba
    File type
    Windows Codepage 1252
    First seen
    2013-04-23
  • c:\Documents and Settings\test user\Local Settings\Temp\nsu3.tmp\nsRichEdit.dll
    Size
    5.5K
    SHA-1
    454a6d749cf55ff990bd9f57941aca9d1f1674f6
    MD5
    02f1858b3131ffc3fc5e3a5391d3a489
    CRC-32
    4ecb46e2
    File type
    Windows executable
    First seen
    2012-05-18
  • c:\Documents and Settings\test user\Local Settings\Temp\nsu3.tmp\OneInstallerLicense_IT.txt
    Size
    7.4K
    SHA-1
    984d8d6a2e2344bf533e52f65a645e1e94785b2c
    MD5
    7fd5da93969dcb775debedc3ba9b9692
    CRC-32
    7e3f7cba
    File type
    Windows Codepage 1252
    First seen
    2012-07-10
  • c:\Documents and Settings\test user\Local Settings\Temp\nsu3.tmp\OneInstallerLicense_FR.txt
    Size
    7.5K
    SHA-1
    b2ecd585dccc79674db174fc3a4a59a7d31d761b
    MD5
    a8b48ba47a28477585916acf33b14906
    CRC-32
    631acc03
    File type
    Windows Codepage 1252
    First seen
    2012-07-10
  • c:\Documents and Settings\test user\Local Settings\Temp\nsu3.tmp\modern-header.bmp
    Size
    26K
    SHA-1
    e7bc35275c6eae5a22aed9f90830ee587ab23175
    MD5
    a874c7e034d71b27eda39cfb8c953874
    CRC-32
    79b723ce
    File type
    Device-independent bitmap (DIB) file
    First seen
    2013-04-21
  • c:\Documents and Settings\test user\Local Settings\Temp\nsu3.tmp\System.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsu3.tmp\utils.dll
    Size
    60K
    SHA-1
    247b4e1b4100b8ba426fe8957b9de3f32b1bbaee
    MD5
    ae97029e01393cb7ba395504c49d9fe2
    CRC-32
    e752bd0b
    File type
    Windows executable
    First seen
    2012-04-28
  • c:\Documents and Settings\test user\Local Settings\Temp\nsu3.tmp\OneInstallerLicense_PT.txt
    Size
    7.5K
    SHA-1
    62b3af8e85eba353512f5a2caeabdf1c92bbeb4a
    MD5
    cf70e8fa1f1be7395fa77d50849312f6
    CRC-32
    fbad24ef
    File type
    Windows Codepage 1252
    First seen
    2012-08-17
  • c:\Documents and Settings\test user\Local Settings\Temp\nsu3.tmp\OneInstallerLicense_NL.txt
    Size
    7.9K
    SHA-1
    ada22eee51eff1247b32c51003dd2b0d822fb826
    MD5
    d0b01cdf1ea4a3e9c6952bd77060dfa6
    CRC-32
    8ddd89cd
    File type
    Windows Codepage 1252
    First seen
    2012-12-08
HTTP Requests
  • http://stats.oneinstaller.com/report/
  • http://stats.oneinstaller.com/report/oneinst.php
  • http://www.gifmania.com/amor/cupido/030916_cupidon.gif
DNS Requests
  • stats.oneinstaller.com
  • www.gifmania.com

Example 2

File Information

Size
482K
SHA-1
4f86c3cbcd594a02f8827c8948ce652c30cb0e9d
MD5
187b1b7deda4b0527ed64e707310635f
CRC-32
5d814302
File type
Windows executable
First seen
2013-05-17

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\utils.dll
    Size
    60K
    SHA-1
    247b4e1b4100b8ba426fe8957b9de3f32b1bbaee
    MD5
    ae97029e01393cb7ba395504c49d9fe2
    CRC-32
    e752bd0b
    File type
    Windows executable
    First seen
    2012-04-28
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\OneInstallerLicense_IT.txt
    Size
    7.4K
    SHA-1
    984d8d6a2e2344bf533e52f65a645e1e94785b2c
    MD5
    7fd5da93969dcb775debedc3ba9b9692
    CRC-32
    7e3f7cba
    File type
    Windows Codepage 1252
    First seen
    2012-07-10
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\OneInstallerLicense_EN.txt
    Size
    6.5K
    SHA-1
    c57878fb3c23dfc878fe7e8a1d2c5a059fbe3a78
    MD5
    74ce34310e88cb92f4d9ba4ec0b0b73e
    CRC-32
    57f76458
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-07-10
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\OneInstallerLicense_DE.txt
    Size
    7.5K
    SHA-1
    0ece803452634288eb181c4c5045699bc1c0d941
    MD5
    9687db60dff5507d9cd8d004e7e3a26e
    CRC-32
    25404346
    File type
    Windows Codepage 1252
    First seen
    2012-12-08
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\OneInstallerLicense_FR.txt
    Size
    7.5K
    SHA-1
    b2ecd585dccc79674db174fc3a4a59a7d31d761b
    MD5
    a8b48ba47a28477585916acf33b14906
    CRC-32
    631acc03
    File type
    Windows Codepage 1252
    First seen
    2012-07-10
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\nsArray.dll
    Size
    6.0K
    SHA-1
    1d9a116d55be1beb0089e392d5ae342e2bffa8a4
    MD5
    7b42ce0bb387ae8a452136da404bf6b0
    CRC-32
    6760433d
    File type
    Windows executable
    First seen
    2012-12-08
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\nsDialogs.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\System.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\modern-header.bmp
    Size
    27K
    SHA-1
    c59033b9063e685b001b2bd6cf3dc712544277a2
    MD5
    8cc04ed7d5505a854e20cd106807b271
    CRC-32
    105a178f
    File type
    Device-independent bitmap (DIB) file
    First seen
    2013-05-20
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\OneInstallerLicense_PT.txt
    Size
    7.5K
    SHA-1
    62b3af8e85eba353512f5a2caeabdf1c92bbeb4a
    MD5
    cf70e8fa1f1be7395fa77d50849312f6
    CRC-32
    fbad24ef
    File type
    Windows Codepage 1252
    First seen
    2012-08-17
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\modern-wizard.bmp
    Size
    151K
    SHA-1
    083e07dfe99e429d26f2b197f5c9304418f7b7c5
    MD5
    a27dfc2cb011a17368a6c3eac7d44984
    CRC-32
    cc8b2fab
    File type
    Device-independent bitmap (DIB) file
    First seen
    2013-05-20
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\nsRichEdit.dll
    Size
    5.5K
    SHA-1
    454a6d749cf55ff990bd9f57941aca9d1f1674f6
    MD5
    02f1858b3131ffc3fc5e3a5391d3a489
    CRC-32
    4ecb46e2
    File type
    Windows executable
    First seen
    2012-05-18
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\inetc.dll
    Size
    76K
    SHA-1
    5a72a6a18514bed5fcae00f891f1c540bbd3341f
    MD5
    ba2746d730da7f0fcac4866adfef6f51
    CRC-32
    18725eb2
    File type
    Windows executable
    First seen
    2012-05-22
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\headerleft.bmp
    Size
    151K
    SHA-1
    083e07dfe99e429d26f2b197f5c9304418f7b7c5
    MD5
    a27dfc2cb011a17368a6c3eac7d44984
    CRC-32
    cc8b2fab
    File type
    Device-independent bitmap (DIB) file
    First seen
    2013-05-20
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\OneInstallerLicense_NL.txt
    Size
    7.9K
    SHA-1
    ada22eee51eff1247b32c51003dd2b0d822fb826
    MD5
    d0b01cdf1ea4a3e9c6952bd77060dfa6
    CRC-32
    8ddd89cd
    File type
    Windows Codepage 1252
    First seen
    2012-12-08
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\NSISdl.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\OneInstallerLicense_ES.txt
    Size
    7.3K
    SHA-1
    018175a8863d89d3bbce563e383388f14c3f0415
    MD5
    43dd6f9a89f9fabf70dd273f52993408
    CRC-32
    f9416bba
    File type
    Windows Codepage 1252
    First seen
    2013-04-23
HTTP Requests
  • http://software.onekit.com/software/applications/DesktopModify/DesktopModify.exe
  • http://stats.oneinstaller.com/report/
  • http://stats.oneinstaller.com/report/oneinst.php
DNS Requests
  • software.onekit.com
  • stats.oneinstaller.com

Example 3

File Information

Size
498K
SHA-1
828be0a874f108bfc1d609261215fe0b6c97534b
MD5
77fba418982fbb8de5f6ca0d793d93fe
CRC-32
9bbd68ba
File type
Windows executable
First seen
2013-04-25

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nso3.tmp\modern-wizard.bmp
    Size
    151K
    SHA-1
    adb5814cfb2b290820ac5fdbe39b1be93361538c
    MD5
    b51c0193322f26226ddc917a7a68b601
    CRC-32
    d6f964bf
    File type
    Device-independent bitmap (DIB) file
    First seen
    2013-04-21
  • c:\Documents and Settings\test user\Local Settings\Temp\nso3.tmp\OneInstallerLicense_FR.txt
    Size
    7.5K
    SHA-1
    b2ecd585dccc79674db174fc3a4a59a7d31d761b
    MD5
    a8b48ba47a28477585916acf33b14906
    CRC-32
    631acc03
    File type
    Windows Codepage 1252
    First seen
    2012-07-10
  • c:\Documents and Settings\test user\Local Settings\Temp\nso3.tmp\OneInstallerLicense_PT.txt
    Size
    7.5K
    SHA-1
    62b3af8e85eba353512f5a2caeabdf1c92bbeb4a
    MD5
    cf70e8fa1f1be7395fa77d50849312f6
    CRC-32
    fbad24ef
    File type
    Windows Codepage 1252
    First seen
    2012-08-17
  • c:\Documents and Settings\test user\Local Settings\Temp\nso3.tmp\OneInstallerLicense_EN.txt
    Size
    6.5K
    SHA-1
    c57878fb3c23dfc878fe7e8a1d2c5a059fbe3a78
    MD5
    74ce34310e88cb92f4d9ba4ec0b0b73e
    CRC-32
    57f76458
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-07-10
  • c:\Documents and Settings\test user\Local Settings\Temp\nso3.tmp\nsRichEdit.dll
    Size
    5.5K
    SHA-1
    454a6d749cf55ff990bd9f57941aca9d1f1674f6
    MD5
    02f1858b3131ffc3fc5e3a5391d3a489
    CRC-32
    4ecb46e2
    File type
    Windows executable
    First seen
    2012-05-18
  • c:\Documents and Settings\test user\Local Settings\Temp\nso3.tmp\utils.dll
    Size
    60K
    SHA-1
    247b4e1b4100b8ba426fe8957b9de3f32b1bbaee
    MD5
    ae97029e01393cb7ba395504c49d9fe2
    CRC-32
    e752bd0b
    File type
    Windows executable
    First seen
    2012-04-28
  • c:\Documents and Settings\test user\Local Settings\Temp\nso3.tmp\nsArray.dll
    Size
    6.0K
    SHA-1
    1d9a116d55be1beb0089e392d5ae342e2bffa8a4
    MD5
    7b42ce0bb387ae8a452136da404bf6b0
    CRC-32
    6760433d
    File type
    Windows executable
    First seen
    2012-12-08
  • c:\Documents and Settings\test user\Local Settings\Temp\nso3.tmp\OneInstallerLicense_NL.txt
    Size
    7.9K
    SHA-1
    ada22eee51eff1247b32c51003dd2b0d822fb826
    MD5
    d0b01cdf1ea4a3e9c6952bd77060dfa6
    CRC-32
    8ddd89cd
    File type
    Windows Codepage 1252
    First seen
    2012-12-08
  • c:\Documents and Settings\test user\Local Settings\Temp\nso3.tmp\nsDialogs.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nso3.tmp\headerleft.bmp
    Size
    151K
    SHA-1
    adb5814cfb2b290820ac5fdbe39b1be93361538c
    MD5
    b51c0193322f26226ddc917a7a68b601
    CRC-32
    d6f964bf
    File type
    Device-independent bitmap (DIB) file
    First seen
    2013-04-21
  • c:\Documents and Settings\test user\Local Settings\Temp\nso3.tmp\modern-header.bmp
    Size
    26K
    SHA-1
    e7bc35275c6eae5a22aed9f90830ee587ab23175
    MD5
    a874c7e034d71b27eda39cfb8c953874
    CRC-32
    79b723ce
    File type
    Device-independent bitmap (DIB) file
    First seen
    2013-04-21
  • c:\Documents and Settings\test user\Local Settings\Temp\nso3.tmp\OneInstallerLicense_DE.txt
    Size
    7.5K
    SHA-1
    0ece803452634288eb181c4c5045699bc1c0d941
    MD5
    9687db60dff5507d9cd8d004e7e3a26e
    CRC-32
    25404346
    File type
    Windows Codepage 1252
    First seen
    2012-12-08
  • c:\Documents and Settings\test user\Local Settings\Temp\nso3.tmp\OneInstallerLicense_ES.txt
    Size
    7.3K
    SHA-1
    018175a8863d89d3bbce563e383388f14c3f0415
    MD5
    43dd6f9a89f9fabf70dd273f52993408
    CRC-32
    f9416bba
    File type
    Windows Codepage 1252
    First seen
    2013-04-23
  • c:\Documents and Settings\test user\Local Settings\Temp\nso3.tmp\NSISdl.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nso3.tmp\OneInstallerLicense_IT.txt
    Size
    7.4K
    SHA-1
    984d8d6a2e2344bf533e52f65a645e1e94785b2c
    MD5
    7fd5da93969dcb775debedc3ba9b9692
    CRC-32
    7e3f7cba
    File type
    Windows Codepage 1252
    First seen
    2012-07-10
  • c:\Documents and Settings\test user\Local Settings\Temp\nso3.tmp\System.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nso3.tmp\inetc.dll
    Size
    76K
    SHA-1
    5a72a6a18514bed5fcae00f891f1c540bbd3341f
    MD5
    ba2746d730da7f0fcac4866adfef6f51
    CRC-32
    18725eb2
    File type
    Windows executable
    First seen
    2012-05-22
HTTP Requests
  • http://stats.oneinstaller.com/report/
  • http://stats.oneinstaller.com/report/oneinst.php
  • http://www.gifmania.com/amor/cupido/030807angel01.gif
DNS Requests
  • stats.oneinstaller.com
  • www.gifmania.com

download Try Sophos products for free
Download now