Virus: Adware/InstCore.350
Type: Adware
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
File size: 584.072 Bytes
MD5 checksum: 066b0A995cc74e0Deb916732a3550A69

General
Method of propagation:
   • No own spreading routine


Aliases:
   • Symantec: Trojan.ADH.2
   • Eset: Win32/InstallCore.H
   • DrWeb: Adware.InstallCore.21
   • Norman: W32/InstallCore.AY


Platforms / OS:
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Downloads files
   • Drops files


Right after execution the following information is displayed:


Files
It creates the following directories:
   • C:\TEMP\ish416625\
   • C:\TEMP\is1438683437\



The following files are created:

Non-malicious files:
   • C:\TEMP\ish416625\defaultOffer\offer_code.dat
   • C:\TEMP\ish416625\defaultOffer\offer_html.dat
   • C:\TEMP\ICReinstall_tr.exe
   • C:\TEMP\is1438683437\MyBabylonTB.exe

Miscellaneous
Accesses internet resources:
   • os.webfilescdn.com
   • cdneu.webfilescdn.com
   • cdnus.webfilescdn.com
   • d.afdads.com
   • rp.webfilescdn.com
   • cdn.afdads.com

File details
Programming language:
The malware program was written in Delphi.


Runtime packer:
To make detection harder and reduce the size of the file, it is packed with the following runtime packer:
   • UPX

Description inserted by Martin Muench on Tuesday, March 13, 2012
Description updated by Martin Muench on Tuesday, March 13, 2012
