What is “Install Core Installer (PUA)”?

Install Core Installer (PUA) is the Sophos detection name for an InstallCore bundler, a download wrapper that most antivirus vendors classify as a potentially unwanted application (PUA), adware or riskware rather than as a true virus. While it is running you may notice unfamiliar processes in the Task Manager list, and it may alter browser and proxy settings. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing a PUA manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Install Core Installer (PUA) do?

The behaviours below are the CAPE sandbox signatures that fired for the sample analysed in the next section. Several of them (unknown PE section names, UPX compression, encrypted or compressed data) describe how the file is packed rather than what it does at runtime:

  • A file was accessed within the Public folder
  • Performs HTTP requests potentially not found in PCAP
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • CAPE detected the shellcode patterns malware family
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Install Core Installer (PUA)?

File Info:

name: 95779DBC606C447D322D.mlw
path: /opt/CAPEv2/storage/binaries/21fcff0a952a196fe873f7f56e43cd01d455aa8b1c07621079c6d4f5052513fc
crc32: 82445709
md5: 95779dbc606c447d322d9d747f38e000
sha1: 02570db994842e0b9902c2daa309e6a2bfb3a8ac
sha256: 21fcff0a952a196fe873f7f56e43cd01d455aa8b1c07621079c6d4f5052513fc
sha512: 7e5b977a83d487ecada9dc50da53614e968f30f21933132107ea74f743ebc2d541baad40f96c1c275de7e34f0e443d3182ea0f5e37b36aa38b4a842d647ba4a1
ssdeep: 12288:yQtgbevp60KTgFGL4UB78xuOzBYtr+D4VS5OMMw:XwevtzCBguOKh1VxMMw
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10C9423B2E5413D78C4762AB0B1164B6C6A65F4638F914F28DA5CFA5FF8B3072D200F96
sha3_384: b3ff889e7190b164ce488ea7a52fb631a8b8a63903f5de8ab084924cc04934fe12d77ddc6f6d529adf881479406c021a
ep_bytes: 60be00a048008dbe0070f7ffc7871077
timestamp: 1992-06-19 22:22:17

Version Info:

FileDescription: InstallCore© Installer
FileVersion: 1, 0, 0, 9
InternalName: InstallCore© Installer
ProductName: InstallCore© Installer SDK 4.1
ProductVersion: 1, 0, 0, 9
CompanyName: InstallCore© Technologies
LegalCopyright: Copyright InstallCore© Technology 4.1
Translation: 0x0409 0x04e4
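The sandbox signatures above say the sample is UPX-packed, and the File Info block gives the raw material to confirm that by hand: the entry-point bytes and the link timestamp. The following script is an added example, not part of the original page or of CAPE, showing how a triage analyst reads those two fields. The ep_bytes, timestamp and FileDescription values are copied from the report and embedded as constructed input so the script runs without the sample; the 0x400000 image base is an assumption, since the report does not list it, and all function names are mine.

```python
import datetime
import struct

# Static fields copied from the CAPE "File Info" / "Version Info" blocks above,
# embedded here as constructed input so the example runs offline.
REPORT = {
    "ep_bytes": "60be00a048008dbe0070f7ffc7871077",
    "timestamp": "1992-06-19 22:22:17",
    "file_description": "InstallCore© Installer",
}

# Fixed TimeDateStamp that Delphi-built PE files carry regardless of build
# date: 0x2A425E19 == 1992-06-19 22:22:17 UTC. Its presence means the
# timestamp says nothing about when the sample was actually built.
DELPHI_TIMESTAMP = 0x2A425E19

# Assumed 32-bit image base (not listed in the report).
ASSUMED_IMAGE_BASE = 0x400000


def decode_upx_stub(ep_hex):
    """Match the classic UPX i386 entry stub:
         60              pushad
         BE imm32        mov  esi, <start of packed data>
         8D BE disp32    lea  edi, [esi + disp32]   ; unpack destination
    Return (esi, disp32) or None if the bytes do not fit that shape."""
    b = bytes.fromhex(ep_hex)
    if len(b) < 12 or b[0] != 0x60 or b[1] != 0xBE or b[6:8] != b"\x8d\xbe":
        return None
    esi = struct.unpack_from("<I", b, 2)[0]
    disp = struct.unpack_from("<i", b, 8)[0]  # signed: UPX0 lies below UPX1
    return esi, disp


def unpack_destination(ep_hex):
    """Virtual address the stub decompresses into (esi + disp), or None."""
    stub = decode_upx_stub(ep_hex)
    if stub is None:
        return None
    esi, disp = stub
    return (esi + disp) & 0xFFFFFFFF


def timestamp_to_epoch(ts):
    """Convert the report's 'YYYY-MM-DD HH:MM:SS' (UTC) string to a PE TimeDateStamp."""
    dt = datetime.datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
    return int(dt.replace(tzinfo=datetime.timezone.utc).timestamp())


def is_delphi_timestamp(ts):
    return timestamp_to_epoch(ts) == DELPHI_TIMESTAMP


def triage(report):
    """Return the findings an analyst would note from the static fields alone."""
    findings = []
    stub = decode_upx_stub(report["ep_bytes"])
    if stub:
        esi, disp = stub
        dest = unpack_destination(report["ep_bytes"])
        findings.append(
            "UPX entry stub: pushad; mov esi,0x%08x; lea edi,[esi%+#x] -> unpacks to 0x%08x"
            % (esi, disp, dest))
        if dest == ASSUMED_IMAGE_BASE + 0x1000:
            findings.append("unpack target is image base + 0x1000, the usual first section (UPX0)")
    if is_delphi_timestamp(report["timestamp"]):
        findings.append("TimeDateStamp is the fixed Delphi value 0x2A425E19, not a real build time")
    if "installcore" in report["file_description"].replace(" ", "").lower():
        findings.append("version info names InstallCore, a known software bundler")
    return findings


if __name__ == "__main__":
    for line in triage(REPORT):
        print(line)
```

For this sample the stub decodes to `mov esi, 0x0048a000; lea edi, [esi-0x89000]`, so unpacking lands at 0x00401000, the first section of a default-based 32-bit image, which is exactly what a UPX-wrapped executable looks like. Two practical consequences follow: the hashes in the File Info block identify only the packed outer file, so a copy unpacked with `upx -d` (or a memory dump) will have different md5/sha1/sha256 values, and the 1992 timestamp must not be used as evidence of the sample's age.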

Install Core Installer (PUA) is also known under the following vendor detection names (vendor: detection):

Elastic: malicious (moderate confidence)
CAT-QuickHeal: PUA.GenericIH.S11541529
Skyhigh: BehavesLike.Win32.PUP.gc
Cylance: unsafe
Zillya: Trojan.SecurityShield.Win32.4861
Sangfor: PUP.Win32.Sweetim.Vzbd
Alibaba: AdWare:Win32/SweetIM.5d080261
K7GW: Riskware ( 0040eff71 )
K7AntiVirus: Riskware ( 0040eff71 )
VirIT: Adware.Generic4.BPYY
Symantec: SMG.Heur!gen
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/SweetIM.B potentially unwanted
APEX: Malicious
TrendMicro-HouseCall: TROJ_GEN.R002C0OB124
Paloalto: generic.ml
ClamAV: Win.Trojan.Installcore-137
Kaspersky: not-a-virus:HEUR:AdWare.Win32.DealPly.gen
NANO-Antivirus: Riskware.Win32.InstallCore.domcpb
SUPERAntiSpyware: Trojan.Agent/Gen-Dropper
Avast: Win32:PUP-gen [PUP]
Tencent: Malware.Win32.Gencirc.10b0aa39
F-Secure: PotentialRisk.PUA/InstallCore.Gen
DrWeb: Trojan.DownLoader2.36264
TrendMicro: TROJ_GEN.R002C0OB124
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.95779dbc606c447d
Sophos: Install Core Installer (PUA)
Ikarus: Trojan.SuspectCRC
Jiangmin: AdWare.DealPly.mdnd
Webroot: W32.Bagle.Gen
Varist: W32/InstallCore.I.gen!Eldorado
Avira: PUA/InstallCore.Gen
Antiy-AVL: Trojan/Win32.Tgenic
Kingsoft: malware.kb.b.991
Microsoft: Trojan:Win32/Wacatac.A!ml
Xcitium: Suspicious@#2lpfwyaoo42ef
ZoneAlarm: not-a-virus:HEUR:AdWare.Win32.DealPly.gen
Cynet: Malicious (score: 100)
McAfee: Artemis!95779DBC606C
Google: Detected
VBA32: BScope.Adware.Funmoods
Malwarebytes: PUP.Optional.InstallCore
Rising: Malware.Heuristic!ET#98% (C64:YzY0Om6TldzyDl9+)
Yandex: Trojan.GenAsa!CbZaoVU34IQ
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Riskware/InstallCore
AVG: Win32:PUP-gen [PUP]
DeepInstinct: MALICIOUS

How to remove Install Core Installer (PUA)?

Install Core Installer (PUA) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the options you want, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.