» ca_installer.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

ca_installer.exe

A.INOLOGIX LTD

The application ca_installer.exe by A.INOLOGIX has been detected as adware by 3 anti-malware scanners. This is the uninstaller utility registered in the Windows Control Panel for the program clickadvanced frameworks by clickadvanced frameworks. This file is typically installed with the program clickadvanced frameworks by A.INOLOGIX LTD which is a potentially unwanted software program.

File name:

ca_installer.exe

Publisher:

A.INOLOGIX LTD (signed and verified)

MD5:

7d9098a5e4c7504fd11ec8fade006045

SHA-1:

2fb31db6dcb88e12b10eaf716ce7ddbc3ec9bf39

SHA-256:

405e0bbc948de228beac9ed6249ff50cd62e4636e6d91b14d8c84b8a57e4de25

Scanner detections:

3 / 68

Status:

Adware

Analysis date:

4/24/2024 8:06:21 PM UTC (today)

Scan engine

Detection

Engine version

F-Secure

Trojan:JS/Kilim.L

11.2014-24-04_5

Reason Heuristics

PUP.AINOLOGIX.M

14.4.24.21

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.0

File size:

1.2 MB (1,256,032 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\clickadvanced frameworks\ca_installer.exe

Digital Signature

Signed by:

A.INOLOGIX LTD

Authority:

VeriSign, Inc.

Valid from:

5/26/2013 7:00:00 PM

Valid to:

5/27/2014 6:59:59 PM

Subject:

CN=A.INOLOGIX LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=A.INOLOGIX LTD, L=TEL AVIV, S=TEL AVIV, C=IL

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

18226E15269C07E837AB13520DDA83A1

File PE Metadata

Compilation timestamp:

12/22/2013 4:59:55 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:Y9+LDRZO8GtejS5x/ofza21SWZb8fwnIY0BsXEnADd:c+Hy86ejUtgNS9wIxsXHDd

Entry address:

0xA40ED

Entry point:

E8, 88, EC, 00, 00, E9, 7F, FE, FF, FF, E8, 17, 76, 00, 00, 8B, D0, 8B, 42, 6C, 3B, 05, 3C, DA, 4D, 00, 74, 10, 8B, 0D, 04, DB, 4D, 00, 85, 4A, 70, 75, 05, E8, FC, 73, 00, 00, 8B, 40, 04, C3, E8, F1, 75, 00, 00, 8B, D0, 8B, 42, 6C, 3B, 05, 3C, DA, 4D, 00, 74, 10, 8B, 0D, 04, DB, 4D, 00, 85, 4A, 70, 75, 05, E8, D6, 73, 00, 00, 05, A0, 00, 00, 00, C3, E8, C9, 75, 00, 00, 8B, D0, 8B, 42, 6C, 3B, 05, 3C, DA, 4D, 00, 74, 10, 8B, 0D, 04, DB, 4D, 00, 85, 4A, 70, 75, 05, E8, AE, 73, 00, 00, 8B, 40, 74, C3, 55, 8B... 
[+]

Entropy:

6.9114

Code size:

768.5 KB (786,944 bytes)

Program Uninstaller

Program name:

clickadvanced frameworks

Display publisher:

clickadvanced frameworks

Uninstall string:

"C:\Program Files (x86)\clickadvanced frameworks\ca_installer.exe" /uninstall

The file ca_installer.exe has been discovered within the following program.

clickadvanced frameworks by A.INOLOGIX LTD

ClickAdvanced is a potentially unwanted web browser extension that is ad-supported and will display various popup and banner ads as well as modify the user's web browser search and home page settings.

product_url.com

74% remove it

Remove ca_installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.