Gridinsoft Logo
File Icon

BitComet.exe Adware InstallCore Analysis

Updated 8 months ago
Checked by Malware Check
BitComet.exe

Technical Analysis

File Name BitComet.exe
File Type
PE32+ executable (GUI) x86-64, for MS Windows
Scanner Version 1.0.194.174
Database Version 2024-10-28 12:00:38 UTC

Adware.Win64.InstallCore.vl!c

Malware family: InstallCore

InstallCore is a software distribution framework used by developers. It is often associated with potentially unwanted programs and adware through software bundling without clear user consent.
N/A
Detection Rate
28,349,328
File Size (bytes)
2024-10-28
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
cbb6d49fcb708b9aeb7ba74567091fe9
SHA1
dbde15b4ee94437a82cace375ad1ca55739ad57f
SHA256
5760e7283ea31834aa16976fe052c156c26cc1c2459a043152c06ce2b8a4fd1e
SHA512
bee080ec0d335cc1774c05f98e4480fc4d0ff825bfcee3822171adc461023c3f6952ecb064d33b5c8709e520bc8ee29a63e28381f0847aa3919e097586428a8e
ImpHash
d2fca41c9e84b9f5f8a2abb235194346

PE Analysis

Basic Information

Icon
Hash: 5771b0fae29f38cac49fcbccd914d4c2
Fuzzy: b7621093455d12c52d863db1873a2897
dHash: f0f0bed4d4d4f0f0
Image Base 0x140000000
Entry Point 0x1409b30ec
Compilation Time 2024-08-20 14:20:48
Checksum 0x01b0c216 (Actual: 0x01b0c216)
OS Version 5.2
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
PDB Path D:\develop\BitComet_2.09\app\Release_unicode_x64\GUI_BitComet_wx.pdb
Digital Signature An error occurred while validating the countersignature: The root Certum Trusted Network CA 2 lists its extended key usages, but {'time_stamping'} are not present
Imports 21 libraries
Exports 0 functions
Resources 154 Resources
Sections 8 Sections

Version Information

CompanyName www.BitComet.com
FileDescription BitComet - a BitTorrent Client
FileVersion 2.09
InternalName BitComet.exe
LegalCopyright Copyright(C) 2003-2024 All Rights Reserved.
ProductName BitComet 64-bit
ProductVersion 2.09
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 16,640,872 bytes 16,641,024 bytes 6.52 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ D8172A89727D5A90675AFF866AE8297F
.rdata 0x00fe0000 7,819,386 bytes 7,819,776 bytes 5.24 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 18D2DC02F0F2359F67CE82A478659E94
.data 0x01756000 1,904,976 bytes 518,656 bytes 4.46 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 083DD69B886CF0AD13627C0F1E07B3D5
.pdata 0x01928000 684,092 bytes 684,544 bytes 6.77 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 9F3FA5744D00E0E2B55F73DD73A57539
.detourc 0x019d0000 8,720 bytes 9,216 bytes 2.81 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ CAD5D451B901B03DC9C75917F5B6FD70
.detourd 0x019d3000 24 bytes 512 bytes 0.12 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE EDDA25907019E5CC74C177F6952E5E4B
.rsrc 0x019d4000 2,313,136 bytes 2,313,216 bytes 7.95 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 024B004BDC7022110ACC023346570B60
.reloc 0x01c09000 350,760 bytes 351,232 bytes 5.46 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 254FC73B275AC4CCC4BCA95C5E1A4FEB
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 154 (2,301,600 bytes)
Resource Type Count Total Size Percentage
DLL 1 2,560 bytes
0.1%
MHT 3 74,651 bytes
3.2%
PNG 87 1,707,536 bytes
74.2%
ZIP 7 321,401 bytes
14%
RT_ICON 36 171,173 bytes
7.4%
RT_GROUP_ICON 6 540 bytes
0%
RT_VERSION 1 732 bytes
0%
RT_HTML 12 22,213 bytes
1%
RT_MANIFEST 1 794 bytes
0%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

An error occurred while validating the countersignature: The root Certum Trusted Network CA 2 lists its extended key usages, but {'time_stamping'} are not present

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Adware.Win64.InstallCore.vl!c Removal

Gridinsoft has the capability to identify and eliminate Adware.Win64.InstallCore.vl!c without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware