» clipartcollection.exe
Overview
Analysis
File Details

clipartcollection.exe

SafeInstaller

InstallX, LLC

This is the InstallX/InstallIQ download manager and installer that will bundle offers during setup for additional PUPs and other unwanted software. The application clipartcollection.exe by InstallX has been detected as adware by 28 anti-malware scanners. The program is a setup application that uses the InstallIQ Installation Manager installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.

File name:

Publisher:

SafeInstall, LLC (signed by InstallX, LLC)

Product:

SafeInstaller

Description:

Safe Installer

Version:

1.0.61.0

MD5:

81263acf52877dc4de69a96e4aa58d96

SHA-1:

538f96300a955b43f8a0dfea1767092adb411644

SHA-256:

3b14eefd1bf70bf0380d18465a7b3a3cb6569956c5e314c90e5ec84932c559a5

Scanner detections:

28 / 68

Status:

Adware

Explanation:

Uses the InstallIQ (by InstallX) software bundler that may include toolbars and other browser extensions offers.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

5/10/2024 4:40:00 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Bundler.Graftor.155902

865

AhnLab V3 Security

PUP/Win32.Generic

2014.09.25

avast!

Win32:Adware-gen [Adw]

2014.9-140922

AVG

Win32/Heur

2015.0.3343

Baidu Antivirus

Hacktool.Win32.Downloader

4.0.3.14124

Bitdefender

Gen:Variant.Application.Bundler.Graftor.155902

1.0.20.1325

Comodo Security

Application.Win32.InstallIQ.B

19513

Dr.Web

Adware.Downware.2512

9.0.1.0265

Emsisoft Anti-Malware

Application.Bundler.InstallIQ

8.14.12.04.01

ESET NOD32

Win32/InstallIQ (variant)

8.10416

Fortinet FortiGate

Riskware/InstallIQ

12/4/2014

F-Secure

Gen:Variant.Application.Bundler

11.2014-22-09_2

G Data

Gen:Variant.Application.Bundler.Graftor.155902

14.9.24

herdProtect (fuzzy)

variant of 7zip_bimo.exe (Adware)

2014.12.4.18

IKARUS anti.virus

PUA.InstallIQ

t3scan.1.7.8.0

K7 AntiVirus

Adware

13.183.13358

Kaspersky

not-a-virus:Downloader.NSIS.Agent

14.0.0.3212

Malwarebytes

PUP.Optional.SafeInstall.A

v2014.09.22.02

McAfee

Artemis!21DFD8B1B531

5600.6926

MicroWorld eScan

Gen:Variant.Application.Bundler.Graftor.155902

15.0.0.795

NANO AntiVirus

Riskware.Win32.Searcher.csnymk

0.28.2.61942

Panda Antivirus

Trj/Genetic.gen

14.09.22.02

Qihoo 360 Security

HEUR/Malware.QVM06.Gen

1.0.0.1015

Reason Heuristics

PUP.Installer.InstallX.R

14.9.22.13

Sophos

DomainIQ pay-per install

4.98

Trend Micro House Call

Suspicious_GEN.F47V0816

7.2.338

VIPRE Antivirus

Threat.4783689

32938

Zillya! Antivirus

Downloader.Agent.Win32.221392

2.0.0.1933

File size:

1.9 MB (1,981,464 bytes)

Product version:

1.0.61.0

Original file name:

safeinstall.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

InstallIQ Installation Manager

Language:

English (United States)

Common path:

C:\users\{user}\downloads\clipartcollection.exe

Digital Signature

Signed by:

InstallX, LLC

Authority:

DigiCert Inc

Valid from:

3/20/2014 8:00:00 PM

Valid to:

4/8/2015 8:00:00 AM

Subject:

CN="InstallX, LLC", O="InstallX, LLC", L=Sartell, S=Minnesota, C=US

Issuer:

CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0F4D188192318D28510FC886CBB855E6

File PE Metadata

Compilation timestamp:

9/10/2014 11:25:18 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:/ZsonQHxM3RxxQ4SMix6y6YqEe7RoNHphhIXro5EjV7r7A6Rf+ADStVIlu6+q5wc:ip6y6bUphmrL7o655DSoIq5B86T2W4C9

Entry address:

0x5AC3A

Entry point:

E8, E3, 3B, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, B0, 54, 00, E8, 20, 2C, 00, 00, E8, B0, 3D, 00, 00, 0F, B7, F0, 6A, 02, E8, 76, 3B, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 57, 35, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

7.0446

Code size:

1.1 MB (1,116,672 bytes)

Remove clipartcollection.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.