{d8e7aa9f-6fe4-4f57-9696-e4816fb50e30}.exe

The application {d8e7aa9f-6fe4-4f57-9696-e4816fb50e30}.exe has been detected as a potentially unwanted program by 7 anti-malware scanners. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup.
Remove {d8e7aa9f-6fe4-4f57-9696-e4816fb50e30}.exe - Powered by Reason Core Security
MD5:
170fefb5e505f9bec89879272a2ddeae

SHA-1:
d6a8b01711d49605707cadc825e0def3cc953e90

SHA-256:
b4c423bdca8a37efb78fe37164479a25367fd304c92c0c6273bafe89511dba49

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
12/3/2016 6:57:58 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Antiy Labs AVL | Trojan[Packed]/Win32.Katusha | 1.0.0.1 |
| avast! | NSIS:InstMonetizer-AW [PUP] | 2014.9-140610 |
| Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.14610 |
| Dr.Web | Threat.Undefined | 9.0.1.05190 |
| ESET NOD32 | Win32/InstallMonetizer.AW potentially unwanted application | 7.0.302.0 |
| Malwarebytes | PUP.Optional.InstallMonetizer.A | v2014.06.10.11 |
| Rising Antivirus | NS:PUF.SilenceInstaller!1.9DDF | 23.00.65.14608 |

File size:
317.5 KB (325,077 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\roaming\iolo\safetynet\manual\{b0b40951-9dc1-4b3f-99f7-361045ab9ad1}\{d8e7aa9f-6fe4-4f57-9696-e4816fb50e30}.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
6144:0AIvm5Pcheb7px59+jHEOh31KZ6VSOfQw30vX+XsgqRvgZyt5q2p75A8W7K:l5Pcw7pJHI3ksBQJesg/ybJ75A8/

Entry point:
50, 4B, 03, 04, 14, 00, 00, 00, 08, 00, 83, 54, AE, 44, C4, C1, 5D, FF, 1F, F5, 04, 00, 75, 63, 05, 00, 2A, 00, 00, 00, 7B, 44, 38, 45, 37, 41, 41, 39, 46, 2D, 36, 46, 45, 34, 2D, 34, 46, 35, 37, 2D, 39, 36, 39, 36, 2D, 45, 34, 38, 31, 36, 46, 42, 35, 30, 45, 33, 30, 7D, 2E, 65, 78, 65, EC, BD, 0D, 78, 54, D5, B5, 3F, BC, E7, 23, C9, 10, 26, CC, 00, 89, 46, F9, 70, 80, 60, 69, 03, 88, 0E, 51, C2, 10, 98, 40, 26, 04, 25, 38, 61, C8, 8C, 1F, E1, 23, 92, 89, 93, 31, 24, 69, 72, 0E, 82, 25, 30, E9, 24, 36, C3...
 

Entropy:
7.9987  (probably packed)
