
SoftwareBundler:Win32/ICLoader


First posted on 10 August 2016.
Source: Microsoft

Aliases :

There are no other names known for SoftwareBundler:Win32/ICLoader.

Explanation :

Installation

This threat is distributed from software crack sites. When a user searches for software cracks or full versions of games or applications, these websites will serve a small application which will act as a downloader for the claimed program.

When this threat runs, it opens the following window:

If the user clicks Yes (the most likely initial response), it would seem to quit the program. However, it silently installs additional applications without the user's consent. The misleading message shown when clicking on X is common to this SoftwareBundler family.

Searching for cracks with a search engine will sometimes return results pointing to sites that link to this SoftwareBundler family. Here is a sample site:

Scrolling down takes the user to a download button:

When this page is opened, another file is downloaded in the background (before the user even clicks the link), which is SoftwareBundler:Win32/ICLoader:

We have also seen this SoftwareBundler being distributed in some forums in the guise of a cheat tool.



Payload

Installs other unwanted software

We have seen this threat install another unwanted program, BrowserModifier:Win32/Neobar.

After this threat has finished running (whether it has installed anything or not), it silently removes itself from the system.





Analysis by Allan Sepillo

Last update 10 August 2016

 
