Home / malwarePDF  

PUA:Win32/InstallMate


First posted on 02 July 2016.
Source: Microsoft

Aliases :

There are no other names known for PUA:Win32/InstallMate.

Explanation :

Installation

This application can be downloaded from websites that offer third-party software downloads. For example, we have seen it downloaded from:

  • bak.uploadfiles.eu
  • s3.amazonaws.com
  • fs11n1.sendspace.com


We have seen this application use the following file names:
  • DownloadSetup.exe
  • FastDownload.exe
  • DownloadSetup (1).exe
  • SaveAs.exe
  • Download.exe
  • Codec-V.exe
  • setup.exe
  • Codec-C.exe
  • VaudiX.exe


It can be digitally signed by the following vendors:
  • Artua Vladislav
  • Stas Kosmov
  • Daneil Jemoch
  • Natan Risman
  • Open Source Developer, Yuri LEBEDEV


We have seen this application using product names such as:
  • Setup
  • TopApp soft
  • Supersoftware App
  • BrilliantInstaller
  • Application fields Software


This application communicates with domains such as:
  • c1.downlloaddatamy.info
  • r2.dirgreatbestepicl.info
  • r1.dirgreatbestepicl.info


For example:
  • c1.downlloaddatamy.info/?
  • r1.dirgreatbestepicl.info/?
  • r2.dirgreatbestepicl.info/?


This description was published using automated analysis.

Last update 02 July 2016

 

TOP

Malware :