InstallRex

Category: Adware and PUAs
Protection available since: 10 Oct 2012 22:59:32 (GMT)
Type: Unspecified PUA
Last updated: 25 Feb 2016 02:41:25 (GMT)

InstallRex is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

Examples of InstallRex include:

Example 1

File Information

Size: 316K
SHA-1: 0000485b45c0423bd96543894b81dace50e493c0
MD5: e7a17957518d3a490073dde6900ad585
CRC-32: 57e1e634
File type: Windows executable
First seen: 2014-06-29

Runtime Analysis

Dropped Files
  • C:\Documents and Settings\All Users\Application Data\InstallMate\0F6D656E\cfg\1.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\sample.log
  • c:\Documents and Settings\test user\Local Settings\Temp\{7E457362-5AE3-41DD-A336-12C1A5A65194}\Custom.dll
    Size: 92K
    SHA-1: 6f339df7ef61590c7ca38ac684cba0f287a1d23f
    MD5: 5a8a3d03a7b403dd81e4105cb32d1c84
    CRC-32: ac7ec514
    File type: Windows executable
    First seen: 2014-06-29
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFAEB0.tmp
  • c:\Documents and Settings\test user\Local Settings\Temp\Tsu435CF15E.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\{7E457362-5AE3-41DD-A336-12C1A5A65194}\general_logo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\{7E457362-5AE3-41DD-A336-12C1A5A65194}\general_logo.jpg
  • c:\Documents and Settings\test user\Local Settings\Temp\{7E457362-5AE3-41DD-A336-12C1A5A65194}\_Setup.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\{7E457362-5AE3-41DD-A336-12C1A5A65194}\Setup.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\{7E457362-5AE3-41DD-A336-12C1A5A65194}\Readme.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\{7E457362-5AE3-41DD-A336-12C1A5A65194}\Setup.ico
  • C:\Documents and Settings\All Users\Application Data\InstallMate\0F6D656E\cfg\3.ini
HTTP Requests
  • http://c1.setepicnew.info/
  • http://i1.superstoragemy.com/images/general_logo.bmp
  • http://i1.superstoragemy.com/images/sendspace_logo.jpg
DNS Requests
  • c1.setepicnew.info
  • i1.superstoragemy.com
  • r1.homebestmy.info

Example 2

File Information

Size: 316K
SHA-1: 000056904b66694b8b30cf642b526162e82c5f11
MD5: 97d7b9f940c9ff53a2a4a7ecb44c3927
CRC-32: bdcef52b
File type: Windows executable
First seen: 2014-05-20

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\{D6256E9A-476C-40DB-A230-0F4E0DC64C6C}\v_grey.jpg
  • c:\Documents and Settings\test user\Local Settings\Temp\{D6256E9A-476C-40DB-A230-0F4E0DC64C6C}\general_logo.bmp
  • C:\Documents and Settings\All Users\Application Data\InstallMate\2AEB846B\cfg\2.ini
  • C:\Documents and Settings\All Users\Application Data\InstallMate\2AEB846B\cfg\1.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\{D6256E9A-476C-40DB-A230-0F4E0DC64C6C}\Setup.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\Tsu89BE8635.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\sample.log
  • c:\Documents and Settings\test user\Local Settings\Temp\{D6256E9A-476C-40DB-A230-0F4E0DC64C6C}\Custom.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\{D6256E9A-476C-40DB-A230-0F4E0DC64C6C}\Setup.ico
  • c:\Documents and Settings\test user\Local Settings\Temp\{D6256E9A-476C-40DB-A230-0F4E0DC64C6C}\_Setup.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\{D6256E9A-476C-40DB-A230-0F4E0DC64C6C}\Readme.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFDC5E.tmp
HTTP Requests
  • http://c1.downlloaddatamy.info/
  • http://i1.megagetnews.net/images/general_logo.bmp
  • http://i1.megagetnews.net/images/v_grey.jpg
DNS Requests
  • c1.downlloaddatamy.info
  • i1.megagetnews.net
  • r1.getapplicationmy.info

Example 3

File Information

Size: 328K
SHA-1: 000075f27fa2cd6fe4126e090d67a15a3d935a5e
MD5: 750138fa7ff1e32c31cc326ecd01c4d7
CRC-32: 5e5a8c3a
File type: Windows executable
First seen: 2014-08-14

Runtime Analysis

Dropped Files
  • C:\Documents and Settings\All Users\Application Data\InstallMate\AE6EBA79\cfg\2.ini
  • C:\Documents and Settings\All Users\Application Data\InstallMate\AE6EBA79\cfg\3.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\{13E45089-37FA-4AEC-A807-7FD8C807727F}\Setup.exe
  • C:\Documents and Settings\All Users\Application Data\InstallMate\AE6EBA79\cfg\1.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\sample.log
  • c:\Documents and Settings\test user\Local Settings\Temp\TsuD7BE4156.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\{13E45089-37FA-4AEC-A807-7FD8C807727F}\Custom.dll
    Size: 92K
    SHA-1: 3a2cb309b6cfce58a9ef088fdb2991fcd310bd51
    MD5: 2bdc9b8700279ef07fd219bab13c2dc2
    CRC-32: 98a2ad86
    File type: Windows executable
    First seen: 2014-08-12
  • c:\Documents and Settings\test user\Local Settings\Temp\{13E45089-37FA-4AEC-A807-7FD8C807727F}\general_logo.jpg
  • c:\Documents and Settings\test user\Local Settings\Temp\{13E45089-37FA-4AEC-A807-7FD8C807727F}\Readme.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\{13E45089-37FA-4AEC-A807-7FD8C807727F}\Setup.ico
  • c:\Documents and Settings\test user\Local Settings\Temp\{13E45089-37FA-4AEC-A807-7FD8C807727F}\_Setup.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFB5C2.tmp
  • c:\Documents and Settings\test user\Local Settings\Temp\{13E45089-37FA-4AEC-A807-7FD8C807727F}\general_logo.bmp
HTTP Requests
  • http://c1.guidefelefile.com/
  • http://i1.transferre.in/images/general_logo.bmp
  • http://i1.transferre.in/images/mp3olimp_logo.jpg
DNS Requests
  • c1.guidefelefile.com
  • i1.transferre.in
  • r1.homemagicuk.com