Install Core Installer

Category: Adware and PUAs
Protection available since: 07 Nov 2012 23:32:26 (GMT)
Type: Unspecified PUA
Last updated: 16 Jan 2015 11:25:52 (GMT)

"Install Core Installer" is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

Examples of Install Core Installer include:

Example 1

File Information

Size: 577K
SHA-1: 000121fe9c537b03033fc6d2340114d1331380e8
MD5: 28ce3fa1cfea51ac0305cb9855c8fe4c
CRC-32: e060eb04
File type: Windows executable
First seen: 2012-07-12

Runtime Analysis

Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    test_item.exe
HTTP Requests
  • http://cdneu.webfilescdn.com/Prod/FLVPlayer-v2.cis
  • http://cdnus.webfilescdn.com/Prod/FLVPlayer-v2.cis
DNS Requests
  • cdneu.webfilescdn.com
  • cdnus.webfilescdn.com
  • os.webfilescdn.com

Example 2

File Information

Size: 519K
SHA-1: 000da0ad742dbacd22ab3e1988c9c22ddca3ae10
MD5: 7f659cbc0abebfae646274db114901af
CRC-32: 5c742504
File type: Windows executable
First seen: 2012-07-18

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\ICReinstall_sample.exe
Dropped Files
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    test_item.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    ID
    0x2a425e19
HTTP Requests
  • http://cdneu.flvplayerpro.net/app/Cmp/FLVPlayer-v2.cis
  • http://cdnus.flvplayerpro.net/app/Cmp/FLVPlayer-v2.cis
DNS Requests
  • cdneu.flvplayerpro.net
  • cdnus.flvplayerpro.net
  • os.flvplayerpro.net

Example 3

File Information

Size: 557K
SHA-1: 000f9c5628b078477b0340e8eb45844da9895543
MD5: 5803cd61485657d3ef4465d26fbf1c29
CRC-32: cdcd41ac
File type: Windows executable
First seen: 2012-02-04

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\ICReinstall_sample.exe
Dropped Files
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    test_item.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    ID
    0x2a425e19
HTTP Requests
  • http://cdneu.solvefile.com/Prod/AudioConverter-v2.cis
  • http://cdnus.solvefile.com/Prod/AudioConverter-v2.cis
DNS Requests
  • cdneu.solvefile.com
  • cdnus.solvefile.com
  • os.solvefile.com
