defenders_quest_v1.1.47_setup.exe

InstallModule

Evgen Kugitko

This is a WebPick installer that bundles (with very minimal user consent) a number of adware browser extensions which inject ads in the browser. The application defenders_quest_v1.1.47_setup.exe by Evgen Kugitko has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the WebPick InstalleRex installer. The file has been seen being downloaded from littlebyte.net. While running, it connects to the Internet address r1.stylezip.info on port 80 using the HTTP protocol.
Publisher:
InstallShield Software Corporation  (signed by Evgen Kugitko)

Product:
InstallModule

Description:
Install Module

Version:
2.1.0.429

MD5:
51c21b331f2492f706644c694b271c51

SHA-1:
b8246efb2ca9af9ebe6d24189846bfe266c34b29

SHA-256:
c895edd6a932a8c0fabc864eb964a0b30ca9f7625f2d59c587bc1378f716ea2d

Scanner detections:
14 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, it is not set by default and is usually overlooked.

Analysis date:
5/10/2025 9:30:08 PM UTC  (today)

Scan engine          Detection                                   Engine version
Agnitum Outpost      PUA.FileTour                                7.1.1
Avira AntiVirus      ADWARE/FileTour.Gen                         7.11.217.78
AVG                  Generic                                     2016.0.3132
Bkav FE              W32.HfsAdware                               1.3.0.6379
Dr.Web               Trojan.DownLoader12.46405                   9.0.1.0111
ESET NOD32           Win32/Adware.FileTour.PV application        9.7.0.302.0
IKARUS anti.virus    PUA.FileTour                                t3scan.1.8.6.0
K7 AntiVirus         Adware                                      13.203.15663
Kaspersky            not-a-virus:AdWare.Win32.FakeInstaller      15.0.0.543
NANO AntiVirus       Trojan.Win32.SMSSend.dpfbnb                 0.30.20.1219
Reason Heuristics    Threat.Webpick.Bundler                      15.4.21.12
VIPRE Antivirus      Threat.5085227                              39354
Zillya! Antivirus    Adware.FakeInstaller.Win32.128              2.0.0.2147

File size:
705.7 KB (722,664 bytes)

Product version:
2.1.0.0

Copyright:
Copyright (C) 2003 InstallShield Software Corp.

Original file name:
Install.EXE

File type:
Executable application (Win32 EXE)

Bundler/Installer:
WebPick InstalleRex

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/24/2014 6:00:00 AM

Valid to:
9/25/2015 5:59:59 AM

Subject:
CN=Evgen Kugitko, OU=Individual Developer, O=No Organization Affiliation, L=Kiev, S=Kiev, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4179EA1BEC59D4CA7E66862832555480

File PE Metadata
Compilation timestamp:
6/20/1992 4:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:6J9Njp9VQsqSXNrol0Ry0IH/YHYDHaMbaFkiNtTPUpMG00T07EJDmxGUsGyKf7:6J9DsstKlVV2m7bbKUpo0gpGH9KD

Entry address:
0x1A3A76

Entry point:
53, 52, 8D, 1D, B8, 40, 5A, 00, 8B, 13, 0F, B6, 12, 80, EA, B8, 0F, 84, 07, 00, 00, 00, 5A, 5B, E9, CB, F4, FF, FF, 50, 53, FF, 15, 1C, 40, 5A, 00, 8B, C2, 8B, C2, 40, FF, 15, 20, 40, 5A, 00, 5B, E9, E7, FF, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Code size:
910 KB (931,840 bytes)

The file defenders_quest_v1.1.47_setup.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to r1.stylezip.info  (54.186.255.26:80)
