{5816dcf7-1974-4a12-a903-a99f679cc444}.exe

The application {5816dcf7-1974-4a12-a903-a99f679cc444}.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. It bundles additional offers, mostly adware, using the InstallBrain installer, a pay-per-install monetization download manager. InstallBrain will also install a background updater service that will update any installed browser add-ons and plug-ins.
MD5:
13d6c710f49c2eddb21dc62dc0e1d7f8

SHA-1:
43dcf8ce8b27ffdf9cf3ce4bb50809b85c135e47

SHA-256:
80ee523447c5f65307c3453bbe9c779cea9ae28289e16dcd79dd16ce2691b6d5

Scanner detections:
19 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers from Performersoft.

Analysis date:
4/18/2024 10:46:12 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.InstallBrain.D | 889 |
| Agnitum Outpost | PUA.InstallBrain | 7.1.1 |
| Avira AntiVirus | APPL/InstallBrain.Gen | 7.11.169.248 |
| AVG | InstallBrain.A | 2015.0.3367 |
| Bitdefender | Application.Bundler.InstallBrain.D | 1.0.20.1205 |
| Comodo Security | UnclassifiedMalware | 19353 |
| Dr.Web | Threat.Undefined | 9.0.1.05190 |
| Emsisoft Anti-Malware | Application.Bundler.InstallBrain | 9.0.0.4324 |
| ESET NOD32 | Win32/InstallBrain.BH potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/InstallBrain | 8/29/2014 |
| F-Secure | Application.Bundler.InstallBrain | 11.2014-29-08_6 |
| G Data | Application.Bundler.InstallBrain | 14.8.24 |
| IKARUS anti.virus | PUA.InstallBrain | t3scan.1.7.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.183.13198 |
| Malwarebytes | Adware.InstallBrain | v2014.08.29.05 |
| MicroWorld eScan | Application.Bundler.InstallBrain.D | 15.0.0.723 |
| NANO AntiVirus | Riskware.Win32.Downware.cstqny | 0.28.2.61861 |
| Panda Antivirus | Trj/Agent.JJW | 14.08.29.05 |
| VIPRE Antivirus | InstallBrain | 32658 |

File size:
800.9 KB (820,150 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\iolo\safetynet\manual\{3d6cce1c-8a4b-4880-b39e-410e1bd4154b}\{5816dcf7-1974-4a12-a903-a99f679cc444}.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
24576:DFdD09i71mzFMrGyMWRLRjLVWFToINryQJEC2g:DjCi78UGyMWRFLVWagBB2g

Entry point:
50, 4B, 03, 04, 14, 00, 00, 00, 08, 00, B1, 74, 33, 44, 58, CE, 5E, 87, 00, 83, 0C, 00, A8, 7C, 1C, 00, 2A, 00, 00, 00, 7B, 35, 38, 31, 36, 44, 43, 46, 37, 2D, 31, 39, 37, 34, 2D, 34, 41, 31, 32, 2D, 41, 39, 30, 33, 2D, 41, 39, 39, 46, 36, 37, 39, 43, 43, 34, 34, 34, 7D, 2E, 65, 78, 65, EC, BD, 7D, 7C, 54, D5, 9D, 3F, 7E, 27, 33, 49, 06, 32, E4, 0E, 64, 80, 51, 47, 9D, 96, 51, A3, 49, 35, 3A, 69, 9B, 38, A9, 06, CC, 84, 80, 09, 4C, 9E, 26, B8, 92, C4, 47, 16, 29, 15, 4C, 66, 00, 57, 82, 81, 9B, 68, 2E, 87...