InstallRex

Category: Adware and PUAs
Protection available since: 10 Oct 2012 22:59:32 (GMT)
Type: Unspecified PUA
Last updated: 09 Mar 2018 18:38:16 (GMT)

InstallRex is an installer that bundles legitimate applications with offers for additional third-party applications that the user may not want. Such third-party applications are typically installed onto users’ computers by default, but may include an option to ‘opt out’ during or after the installation process.

Examples of InstallRex include:

Example 1

File Information

Size: 317K
SHA-1: 003dba283629d6a4b6ee2e0662c0df43398620f0
MD5: be2b5fbece8ce25ded7bde57baa75ce5
CRC-32: ab56817b
File type: Windows executable
First seen: 2014-05-20

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\{20260D5A-8117-4F9E-AD75-C935FBC52FAC}\Custom.dll
  • C:\Documents and Settings\All Users\Application Data\InstallMate\BCFC47CB\cfg\1.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\sample.log
  • c:\Documents and Settings\test user\Local Settings\Temp\{20260D5A-8117-4F9E-AD75-C935FBC52FAC}\general_logo.jpg
  • c:\Documents and Settings\test user\Local Settings\Temp\TsuAA62FDA9.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\{20260D5A-8117-4F9E-AD75-C935FBC52FAC}\Setup.ico
  • c:\Documents and Settings\test user\Local Settings\Temp\{20260D5A-8117-4F9E-AD75-C935FBC52FAC}\Readme.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\{20260D5A-8117-4F9E-AD75-C935FBC52FAC}\_Setup.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\{20260D5A-8117-4F9E-AD75-C935FBC52FAC}\Setup.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\{20260D5A-8117-4F9E-AD75-C935FBC52FAC}\v_grey.jpg
  • c:\Documents and Settings\test user\Local Settings\Temp\~DF9B56.tmp
HTTP Requests
  • http://c1.downlloaddatamy.info/
  • http://i1.megagetnews.net/images/ufonts_logo.jpg
  • http://i1.megagetnews.net/images/v_grey.jpg
DNS Requests
  • c1.downlloaddatamy.info
  • i1.megagetnews.net
  • r1.getapplicationmy.info

Example 2

File Information

Size: 316K
SHA-1: 0069e8805988839bbd1e212a2a443b78a18dba6a
MD5: 44faa84765f47853d84c2133d6fd9968
CRC-32: 21068482
File type: Windows executable
First seen: 2014-08-04

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\Tsu6DF7859A.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\sample.log
  • C:\Documents and Settings\All Users\Application Data\InstallMate\32B78167\cfg\3.ini
  • C:\Documents and Settings\All Users\Application Data\InstallMate\32B78167\cfg\1.ini
  • C:\Documents and Settings\All Users\Application Data\InstallMate\32B78167\cfg\4.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\{EA110F4B-39D4-4F54-ADBF-71F631F22DBD}\Custom.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFBE9A.tmp
  • c:\Documents and Settings\test user\Local Settings\Temp\{EA110F4B-39D4-4F54-ADBF-71F631F22DBD}\general_logo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\{EA110F4B-39D4-4F54-ADBF-71F631F22DBD}\general_logo.jpg
  • c:\Documents and Settings\test user\Local Settings\Temp\{EA110F4B-39D4-4F54-ADBF-71F631F22DBD}\Setup.ico
  • c:\Documents and Settings\test user\Local Settings\Temp\{EA110F4B-39D4-4F54-ADBF-71F631F22DBD}\Readme.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\{EA110F4B-39D4-4F54-ADBF-71F631F22DBD}\Setup.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\{EA110F4B-39D4-4F54-ADBF-71F631F22DBD}\_Setup.dll
HTTP Requests
  • http://c1.setepicnew.info/
  • http://i1.superstoragemy.com/images/general_logo.bmp
  • http://i1.superstoragemy.com/images/sendspace_logo.jpg
DNS Requests
  • c1.setepicnew.info
  • i1.superstoragemy.com
  • r1.homebestmy.info

Example 3

File Information

Size: 324K
SHA-1: 00dfa8231fdc9aa0e36fbf4653bd06db3b507986
MD5: ef0adeb1a627d18a91eca8c3c3a10252
CRC-32: ac1b137f
File type: Windows executable
First seen: 2014-08-13

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\{6C6AAA54-633A-4350-A1BB-2B18B78988A2}\Readme.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\{6C6AAA54-633A-4350-A1BB-2B18B78988A2}\Custom.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\{6C6AAA54-633A-4350-A1BB-2B18B78988A2}\Setup.ico
  • c:\Documents and Settings\test user\Local Settings\Temp\{6C6AAA54-633A-4350-A1BB-2B18B78988A2}\_Setup.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFE2C9.tmp
  • c:\Documents and Settings\test user\Local Settings\Temp\{6C6AAA54-633A-4350-A1BB-2B18B78988A2}\general_logo.jpg
  • c:\Documents and Settings\test user\Local Settings\Temp\{6C6AAA54-633A-4350-A1BB-2B18B78988A2}\Setup.exe
  • C:\Documents and Settings\All Users\Application Data\InstallMate\8DFC12A5\cfg\1.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\{6C6AAA54-633A-4350-A1BB-2B18B78988A2}\general_logo.bmp
  • C:\Documents and Settings\All Users\Application Data\InstallMate\8DFC12A5\cfg\4_2.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\TsuBBE5446D.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\{6C6AAA54-633A-4350-A1BB-2B18B78988A2}\v_grey.jpg
  • c:\Documents and Settings\test user\Local Settings\Temp\sample.log
HTTP Requests
  • http://c1.setepicnew.info/
  • http://i1.superstoragemy.com/images/ebook_logo.jpg
  • http://i1.superstoragemy.com/images/general_logo.bmp
  • http://i1.superstoragemy.com/images/v_grey.jpg
DNS Requests
  • c1.setepicnew.info
  • i1.superstoragemy.com
  • r1.homebestmy.info
