calibre_freely_d162915.exe

InstallIQ Installation Utility

InstallX, LLC

The InstallIQ (InstallX) installation program is a co-bundle stub that delivers software monetization offers during installation. These offers include web browser toolbars and extensions. The file calibre_freely_d162915.exe by InstallX has been detected as adware by 26 anti-malware scanners. The program is a setup application that uses the InstallIQ Installation Manager installer. The file has been seen being downloaded from dl2.iq11download.com.
Publisher:
InstallX, LLC  (signed and verified)

Product:
InstallIQ Installation Utility

Version:
2.137.0.0

MD5:
9465fed4c56d7d0e0ad177067d009d0f

SHA-1:
8a15ab0defad8a17075405222fd6c33e633c693e

SHA-256:
dedbc823592b1b512874c9bf47362a2e7600ec18f7e67a1950dfa91401aeb26f

Scanner detections:
26 / 68

Status:
Adware

Explanation:
InstallIQ is a bundled-offer download and install manager designed to show sponsored offers during installation. These offers typically include adware-type toolbars, browser extensions, plugins or other potentially unwanted software alongside the promised application.

Description:
This is an installer that may bundle legitimate applications with offers for additional third-party applications that the user may not want. While the installer contains an 'opt-out' feature, it is not set by default and is usually overlooked.

Analysis date:
4/23/2024 8:52:04 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11166815 | 453 |
| Agnitum Outpost | PUA.Downware | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Installiq | 2014.11.07 |
| Avira AntiVirus | APPL/InstallIQ.Gen5 | 7.11.183.128 |
| AVG | InstallIQ.F | 2016.0.2931 |
| Bitdefender | Trojan.Generic.11166815 | 1.0.20.1565 |
| Comodo Security | Application.Win32.InstallIQ.B | 20005 |
| Dr.Web | Adware.W3i.32 | 9.0.1.0313 |
| Emsisoft Anti-Malware | Trojan.Generic.11166815 | 8.15.11.09.11 |
| ESET NOD32 | Win32/InstallIQ (variant) | 9.10681 |
| Fortinet FortiGate | Riskware/InstallIQ | 11/9/2015 |
| F-Secure | Trojan.Generic.11166815 | 11.2015-09-11_2 |
| G Data | Trojan.Generic.11166815 | 15.11.24 |
| K7 AntiVirus | Trojan | 13.185.13930 |
| Kaspersky | not-a-virus:Downloader.NSIS.Agent | 14.0.0.1148 |
| Malwarebytes | PUP.Optional.InstallIQ | v2015.11.09.11 |
| McAfee | Artemis!9465FED4C56D | 5600.6587 |
| MicroWorld eScan | Trojan.Generic.11166815 | 16.0.0.939 |
| NANO AntiVirus | Trojan.Win32.Downware.cujxue | 0.28.6.62995 |
| nProtect | Trojan.Generic.11166815 | 14.11.06.01 |
| Reason Heuristics | PUP.InstallX.Installer (M) | 15.11.9.11 |
| Sophos | InstallQ | 4.98 |
| SUPERAntiSpyware | PUP.InstallIQ/Variant | 9518 |
| Vba32 AntiVirus | Adware.InstallIQ.Downloader | 3.12.26.3 |
| VIPRE Antivirus | InstallIQ Installer | 34562 |
| Zillya! Antivirus | Downloader.Agent.Win32.202215 | 2.0.0.1976 |

File size:
1.9 MB (2,038,864 bytes)

Product version:
2.137.0.0

Copyright:
Copyright ©2013 InstallX, LLC. All rights reserved.

Original file name:
InstallIQ.exe

Bundler/Installer:
InstallIQ Installation Manager

Language:
English (United States)

Common path:
C:\users\{user}\downloads\calibre_freely_d162915.exe.4kf79au.partial

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
3/21/2013 5:00:00 PM

Valid to:
3/26/2014 5:00:00 AM

Subject:
CN="InstallX, LLC", O="InstallX, LLC", L=Sartell, S=Minnesota, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
030985B5A39F75A13A497DAB8BF611F7

File PE Metadata
Compilation timestamp:
1/15/2014 3:02:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:uAxzJ+YzkQ9EJER1wADchsnUJgYTckRUgZ:bKtJW1wkctJ80

Entry address:
0xF739

Entry point:
E8, B5, 88, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 58, 44, 58, 00, E8, F1, 47, 00, 00, E8, B9, 6A, 00, 00, 0F, B7, F0, 6A, 02, E8, 48, 88, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, D5, 64, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
6.7721

Code size:
1.2 MB (1,291,776 bytes)

The file calibre_freely_d162915.exe has been seen being distributed by the following URL.
