InstallRex

Category: Adware and PUAs
Type: Unspecified PUA
Protection available since: 10 Oct 2012 22:59:32 (GMT)
Last Updated: 20 May 2018 06:39:10 (GMT)


InstallRex is an installer that bundles legitimate applications with offers for additional third-party applications that the user may not want. These third-party applications are typically installed onto users’ computers by default, but the installer may include an option to ‘opt out’ during or after the installation process.

Examples of InstallRex include:

Example 1

File Information

Size: 317K
SHA-1: 003dba283629d6a4b6ee2e0662c0df43398620f0
MD5: be2b5fbece8ce25ded7bde57baa75ce5
CRC-32: ab56817b
File type: Windows executable
First seen: 2014-05-20

Runtime Analysis

Dropped Files
HTTP Requests
  • http://c1.downlloaddatamy.info/
  • http://i1.megagetnews.net/images/ufonts_logo.jpg
  • http://i1.megagetnews.net/images/v_grey.jpg
DNS Requests
  • c1.downlloaddatamy.info
  • i1.megagetnews.net
  • r1.getapplicationmy.info

Example 2

File Information

Size: 316K
SHA-1: 0069e8805988839bbd1e212a2a443b78a18dba6a
MD5: 44faa84765f47853d84c2133d6fd9968
CRC-32: 21068482
File type: Windows executable
First seen: 2014-08-04

Runtime Analysis

Dropped Files
HTTP Requests
  • http://c1.setepicnew.info/
  • http://i1.superstoragemy.com/images/general_logo.bmp
  • http://i1.superstoragemy.com/images/sendspace_logo.jpg
DNS Requests
  • c1.setepicnew.info
  • i1.superstoragemy.com
  • r1.homebestmy.info

Example 3

File Information

Size: 324K
SHA-1: 00dfa8231fdc9aa0e36fbf4653bd06db3b507986
MD5: ef0adeb1a627d18a91eca8c3c3a10252
CRC-32: ac1b137f
File type: Windows executable
First seen: 2014-08-13

Runtime Analysis

Dropped Files
HTTP Requests
  • http://c1.setepicnew.info/
  • http://i1.superstoragemy.com/images/ebook_logo.jpg
  • http://i1.superstoragemy.com/images/general_logo.bmp
  • http://i1.superstoragemy.com/images/v_grey.jpg
DNS Requests
  • c1.setepicnew.info
  • i1.superstoragemy.com
  • r1.homebestmy.info
