Co.exe Adware InstallCore Analysis

Technical Analysis

File Name co.exe
File Type PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version 1.0.154.174
Database Version 2024-01-08 18:01:56 UTC

Adware.Win32.InstallCore.vl!c

Malware family: InstallCore

InstallCore is a software distribution framework used by developers. It is often associated with potentially unwanted programs and adware through software bundling without clear user consent.
Detection Rate N/A
File Size (bytes) 21,899,408
Analysis Date 2024-01-08

File Identification

Hash Type Value
MD5 55405f31f66e14569d3bd34d65e7e388
SHA1 265910ac6a7769f3068fc969e40def3c75b78f3c
SHA256 e4786e76380f0cb6f1d1a1ca67774d518114951fa9d59b8ffdb8550991f110a6
SHA512 a213df1a3cf839d162e88b508c6e943cfebecc2dc6205129a4a509b7d4e23f2820e35b0d2a59597acfff81b53b1dc120a78f851ea78313c3a632879e935d91ca
ImpHash 5e78adb8cb4d0d5c058e95fd1db4ce38

PE Analysis

Basic Information

Icon
Hash: 5771b0fae29f38cac49fcbccd914d4c2
Fuzzy: b7621093455d12c52d863db1873a2897
dHash: f0f0bed4d4d4f0f0
Image Base 0x00400000
Entry Point 0x00b75e44
Compilation Time 2023-11-28 14:47:36
Checksum 0x014eb41d (Actual: 0x014eb41d)
OS Version 5.1
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
PDB Path D:\develop\BitComet_2.05\app\Release_unicode\GUI_BitComet_wx.pdb
Digital Signature An error occurred while validating the countersignature: The root Certum Trusted Network CA 2 lists its extended key usages, but {(1, 3, 6, 1, 5, 5, 7, 3, 8)} are not present
Imports 21 libraries
Exports 0 functions
Resources 154 Resources
Sections 7 Sections

Digital Signatures

Certum Trusted Network CA Unizeto Technologies S.A. (PL)
Certum Timestamping 2021 CA Asseco Data Systems S.A. (PL)
Certum Trusted Network CA 2 Asseco Data Systems S.A. (PL)
Certum Trusted Network CA 2 Asseco Data Systems S.A. (PL)
Certum Code Signing 2021 CA Xing Wang (CN)

Version Information

CompanyName www.BitComet.com
FileDescription BitComet - a BitTorrent Client
FileVersion 2.05
InternalName BitComet.exe
LegalCopyright Copyright(C) 2003-2023 All Rights Reserved.
ProductName BitComet
ProductVersion 2.05
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 13,449,140 bytes 13,449,216 bytes 6.68 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 31CEEE5C9F493BA9FF2663884F512088
.rdata 0x00cd5000 4,637,346 bytes 4,637,696 bytes 5.60 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ CCDFCFA57437E09A073621EFC050269B
.data 0x01142000 1,730,628 bytes 416,256 bytes 5.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 265C08EAE1B3F6B305B464554CB32F87
.detourc 0x012e9000 4,544 bytes 4,608 bytes 3.97 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 13E08E8819E5FDA11776A799C7CAA563
.detourd 0x012eb000 12 bytes 512 bytes 0.07 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 15D7BD12D01A5E1CC9BCFDA0DF81F640
.rsrc 0x012ec000 2,278,712 bytes 2,278,912 bytes 7.94 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 07494C1A69326723E7ED9AEECA154FBD
.reloc 0x01519000 1,100,768 bytes 1,100,800 bytes 6.53 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 449789C29B3E24AA5249139169ED1AF5
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 154 (2,267,179 bytes)
Resource Type Count Total Size Percentage
DLL 1 2,560 bytes 0.1%
MHT 3 74,651 bytes 3.3%
PNG 87 1,673,127 bytes 73.8%
ZIP 7 321,401 bytes 14.2%
RT_ICON 36 171,173 bytes 7.6%
RT_GROUP_ICON 6 540 bytes 0%
RT_VERSION 1 720 bytes 0%
RT_HTML 12 22,213 bytes 1%
RT_MANIFEST 1 794 bytes 0%

Certificate Chain Analysis

Certificate #1
Subject Certum Trusted Network CA 2, Unizeto Technologies S.A., PL
Issuer Certum Trusted Network CA
Serial Number 36831864946870993744187066625231351079
Certificate #2
Subject Certum Timestamp 2023, Asseco Data Systems S.A., PL
Issuer Certum Timestamping 2021 CA
Serial Number 12990091761336652031772869827997649713
Certificate #3
Subject Certum Code Signing 2021 CA, Asseco Data Systems S.A., PL
Issuer Certum Trusted Network CA 2
Serial Number 204220824695607667577196483744657304121
Certificate #4
Subject Certum Timestamping 2021 CA, Asseco Data Systems S.A., PL
Issuer Certum Trusted Network CA 2
Serial Number 308377848162979334299411899320923366791
Certificate #5
Subject Xing Wang, Xing Wang, CN
Issuer Certum Code Signing 2021 CA
Serial Number 142540952136945333859675369454265582376
Certificate Verification Status

An error occurred while validating the countersignature: The root Certum Trusted Network CA 2 lists its extended key usages, but {(1, 3, 6, 1, 5, 5, 7, 3, 8)} are not present

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Adware.Win32.InstallCore.vl!c Removal

Gridinsoft has the capability to identify and eliminate Adware.Win32.InstallCore.vl!c without requiring further user intervention.

Removal Instructions

Follow these steps to completely remove the threat from your system:

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.
