home

anydvd_hd_v7.3.9.0_multilingual_._patch_-_brd.exe

TINY INSTALLER

Tiny Installer is a download manager variant from Adknowledge that packages various adware-type offers (toolbar, coupon extensions, utilities) with software distributions. The application anydvd_hd_v7.3.9.0_multilingual_._patch_-_brd.exe, “Premium Installer ” by TINY INSTALLER has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from dl.downlite.net and multiple other hosts.
Publisher:
Premium Installer   (signed by TINY INSTALLER)

Product:
Premium Installer

Description:
Premium Installer

Version:
2.4.8.1

MD5:
05d038c1b9617d3f02cadc3465df9250

SHA-1:
a71dbfa66ff5f40df037fd1a133981ac24023768

SHA-256:
e3ba3724688b7a492f9109145de4fcbe2bc7b088c6310d57c15f6d8587cb656f

Scanner detections:
24 / 68

Status:
Adware

Explanation:
The Tiny Installer download manager bundles various adware components.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/26/2024 1:44:30 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.AdWare
7.1.1

AhnLab V3 Security
PUP/Win32.IBryte
2013.12.31

Avira AntiVirus
APPL/iBryte.Gen
7.11.123.230

avast!
Win32:IBryte-BY [PUP]
2014.9-131230

AVG
Skodna.Generic
2014.0.3609

Bkav FE
W32.Clodf41.Trojan
1.3.0.4613

Comodo Security
ApplicUnwnt
17570

Dr.Web
Trojan.Packed.25202
9.0.1.0364

ESET NOD32
Win32/AdWare.iBryte.J.gen (variant)
7.9259

Fortinet FortiGate
Riskware/IBryte_I
12/30/2013

G Data
Win32.Adware.Ibryte
13.12.22

IKARUS anti.virus
not-a-virus:Downloader.Win32.Agent
t3scan.2.2.29

K7 AntiVirus
Adware
13.175.10766

Kaspersky
not-a-virus:AdWare.Win32.iBryte
14.0.0.4542

Malwarebytes
PUP.Optional.iBryte
v2013.12.30.12

McAfee
Artemis!05D038C1B961
5600.7265

NANO AntiVirus
Trojan.Win32.Downware.cqioox
0.28.0.57029

Panda Antivirus
Trj/Genetic.gen
13.12.30.12

Reason Heuristics
PUP.Installer.TINYINSTALLER.j
14.8.8.3

Rising Antivirus
PE:Trojan.Injector!1.9C6C
23.00.65.131228

Sophos
iBryte Optimum Installer
4.96

Trend Micro House Call
TROJ_GEN.F47V1126
7.2.364

Vba32 AntiVirus
AdWare.iBryte
3.12.24.3

VIPRE Antivirus
Optimum Installer
25184

File size:
2.3 MB (2,370,344 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) 2013 Premium Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\anydvd_hd_v7.3.9.0_multilingual_._patch_-_brd.exe

Digital Signature
Signed by:
TINY INSTALLER

Authority:
VeriSign, Inc.

Valid from:
6/3/2013 2:00:00 AM

Valid to:
6/4/2014 1:59:59 AM

Subject:
CN=TINY INSTALLER, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=TINY INSTALLER, L=Wilmington, S=Delaware, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
54C184C0CB6B6510B3582483FC098463

File PE Metadata
Compilation timestamp:
11/25/2013 8:27:39 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:b0Atb3MurP2HLSLvxk5TiFq9Y4a51bKS6YEvQD8BTtBdalTlv:zb3dP2HOLCo4u1bsZBTIT

Entry address:
0x50165

Entry point:
E8, BE, 8C, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, 78, EC, 48, 00, E8, C1, 35, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 18, B4, 63, 00, 77, 22, 6A, 04, E8, C1, 8E, 00, 00, 59, 83, 65, FC, 00, 56, E8, 23, 9C, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, CD, 35, 00, 00, C3, 6A, 04, E8, A4, 8D, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 83, 3D, 74, A0, 63, 00, 00, 75, 18, E8, F9, 81, 00, 00, 6A, 1E, E8, 21, 80, 00, 00, 68, FF, 00, 00, 00, E8, 37, 4D, 00, 00, 59, 59, A1...
 
[+]

Code size:
496 KB (507,904 bytes)

The file anydvd_hd_v7.3.9.0_multilingual_._patch_-_brd.exe has been seen being distributed by the following 32 URLs.

http://dl.downlite.net/index.php/.../RG9uX0pvbl8oMjAxMylfNzIwcF9CclJpcF94MjY0Xy1fWUlGWS5leGU=?product_id=3&affiliate_id=9&channel=7249&version=9&ub=1

http://dl.downlite.net/index.php/.../SolidWorks_2011_x64_SP2.exe

http://dl.downlite.net/index.php/.../TWluZWNyYWZ0XzEuNy4yX0NyYWNrZWRfW0Z1bGxfSW5zdGFsbGVyXV9bT25saW5lXV9bU2VydmVyX0xpc3RdXy5leGU=?product_id=3&affiliate_id=9&channel=7249&version=9&ub=1

http://dl.downlite.net/index.php/.../U0xFRVBJTkdfV0lUSF9TSVJFTlNfLV9ESVNDT0dSQVBIWV8oMjAxMC0xMylfW0NIQU5ORUxfTkVPXS5leGU=?product_id=3&affiliate_id=9&channel=7249&version=9&ub=1

http://dl.downlite.net/index.php/.../Fast_.exe

http://dl.downlite.net/index.php/.../Thor_The_Dark_World_2013_DVDScr_x264_2Audio-SmY.exe

http://dl.downlite.net/index.php/.../Solsidan_-_S04E04_-_SweSub.avi.exe

http://dl.downlite.net/index.php/.../SnVzdGluLkJpZWJlci5CZWxpZXZlLjIwMTMuV0VCLURMLngyNjQuWUtSRy5leGU=?product_id=3&affiliate_id=9&channel=7249&version=9&ub=1

http://dl.downlite.net/index.php/.../SGFsZl9MaWZlXy5fQ291bnRlcl9TdHJpa2VfLl9Db25kaXRpb25fWmVyby5leGU=?product_id=3&affiliate_id=9&channel=7249&version=9&ub=1

http://dl.downlite.net/index.php/.../Rm9vdGJhbGxfTWFuYWdlcl8yMDE0X1tNVUxUSTVdW1BDRFZEXVtSRUxPQURFRF1fLV9BbGFuXzY4MC5leGU=?product_id=3&affiliate_id=9&channel=7249&version=9&ub=1

http://dl.downlite.net/index.php/.../Bob_Dylan_-_The_Genuine_Bootleg_Series_Vol._1_-_3_(9_CDs).exe

http://dl.downlite.net/index.php/.../U291dGguUGFyay5TZWFzb24uMTcuMTA4MHAuQ29tcGxldGUuV0VCLURMLngyNjQtQXJpYW5GWF8od2l0aF9Fbi5leGU=?product_id=3&affiliate_id=9&channel=7249&version=9&ub=1

http://dl.downlite.net/index.php/.../Um9zZXR0YV9TdG9uZV9KYXBhbmVzZV9WM19Db21wbGV0ZS5leGU=?product_id=3&affiliate_id=9&channel=7249&version=9&ub=1

http://dl.downlite.net/index.php/.../Tron_2.0_Killer_App_mod.exe

http://dl.downlite.net/index.php/.../U3ByaW5nX0JyZWFrZXJzWzcyMHBdMi41MkdCLmV4ZQ==?product_id=3&affiliate_id=9&channel=7249&version=9&ub=1

http://dl.downlite.net/index.php/.../N19EYXlzX3RvX0RpZV9BbHBoYV8zX3g2NF9DcmFja2VkXzNETV9bVklQRVI2NjZdLmV4ZQ==?product_id=3&affiliate_id=9&channel=7249&version=9&ub=1

http://dl.downlite.net/index.php/.../d2luZG93c192aXN0YV9ob21lX3ByZW1pdW1feDg2X3dpdGhfYWN0aXZhdGlvbl9jcmFjay5leGU=?product_id=3&affiliate_id=9&channel=7249&version=9&ub=1

http://dl.downlite.net/index.php/.../Minecraft_1.7_launcher.exe

http://dl.downlite.net/index.php/.../TG9yZGVfLV9QdXJlX0hlcm9pbmVfMjAxM19Qb3BfMzIwa2Jwc19DQlJfTVAzX1tWWF1fW1AyUERMXS5leGU=?product_id=3&affiliate_id=9&channel=7249&version=9&ub=1

http://dl.downlite.net/index.php/.../Pacific_Rim_(2013)_720p_BrRip_x264_-_YIFY.exe

http://dl.downlite.net/index.php/.../Outlast-ALI213.exe

http://dl.downlite.net/index.php/.../Typing_of_the_Dead.exe

http://dl.downlite.net/index.php/.../ReFX.Nexus.v2.2.VSTi.RTAS.DVDR-AiRISO.exe

http://dl.downlite.net/index.php/.../GRID_2-RELOADED.exe

http://dl.downlite.net/index.php/.../Gta.San.Andreas.Crack.Fully.Working..exe

http://dl.downlite.net/index.php/.../TUlDUk9TT0ZUX09GRklDRV9XT1JEXzIwMDdfW3RoZXRoaW5neV0uZXhl?product_id=3&affiliate_id=9&channel=7249&version=9&ub=1

http://dl.downlite.net/index.php/.../VGhlX0VsZGVyX1Njcm9sbHNfVl9Ta3lyaW0tUmF6b3IxOTExLmV4ZQ==?product_id=3&affiliate_id=9&channel=7249&version=9&ub=1

http://dl.downlite.net/index.php/.../WW9ic18tX1RoZV9Xb3JzdF9PZl9UaGVfWW9icy5leGU=?product_id=3&affiliate_id=9&channel=7249&version=9&ub=1

http://dl.downlite.net/index.php/.../U25vd19MZW9wYXJkXzEwLjYuMS0xMC42LjJfSW50ZWxfQU1EX21hZGVfYnlfSGF6YXJkLmV4ZQ==?product_id=3&affiliate_id=9&channel=7249&version=9&ub=1

http://dl.downlite.net/index.php/.../U2lsdmVyLkxpbmluZ3MuUGxheWJvb2suMjAxMi5EVkRSSVAtRURBVzIwMTMuZXhl?product_id=3&affiliate_id=9&channel=7249&version=9&ub=1

Latest 30 of 32 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.