» filewhiz.exe
Overview
Analysis
File Details
Downloads (1)

filewhiz.exe

SafeInstaller

InstallX, LLC

This is the InstallX/InstallIQ download manager and installer that will bundle offers during setup for additional PUPs and other unwanted software. The application filewhiz.exe by InstallX has been detected as adware by 34 anti-malware scanners. The program is a setup application that uses the InstallIQ Installation Manager installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from dl2.vip0installer.com.

File name:

filewhiz.exe

Publisher:

SafeInstall, LLC (signed by InstallX, LLC)

Product:

SafeInstaller

Description:

Safe Installer

Version:

1.0.72.0

MD5:

23f87ffe002bb0a8bc920b854b59d379

SHA-1:

983839aad10b2831bfa40d25dbd219e5dfb1f3d0

SHA-256:

ef073f7829a82222f7e263b7c6a3d04ef46936f7e3289e435da104c2a51fc03e

Scanner detections:

34 / 68

Status:

Adware

Explanation:

Uses the InstallIQ (by InstallX) software bundler that may include toolbars and other browser extensions offers.

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

5/19/2024 9:47:15 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Bundler.Graftor.155902

719

AhnLab V3 Security

PUP/Win32.SoftPulse

2015.02.15

Avira AntiVirus

APPL/InstallIQ.Gen4

7.11.210.58

avast!

Win32:Malware-gen

2014.9-150215

AVG

InstallIQ

2016.0.3197

Baidu Antivirus

Adware.Win32.InstallIQ

4.0.3.15215

Bitdefender

Gen:Variant.Application.Bundler.Graftor.155902

1.0.20.230

Bkav FE

W32.HfsAdware

1.3.0.6379

Comodo Security

Application.Win32.InstallIQ.B

21079

Dr.Web

Adware.Downware.9715

9.0.1.046

Emsisoft Anti-Malware

Gen:Variant.Application.Bundler.Graftor.155902

8.15.02.15.06

ESET NOD32

Win32/InstallIQ.A potentially unwanted (variant)

9.11177

Fortinet FortiGate

Riskware/InstallIQ

2/15/2015

F-Secure

Gen:Variant.Application.Bundler

11.2015-15-02_1

G Data

Win32.Application.InstallIQ

15.2.25

IKARUS anti.virus

PUA.InstallIQ

t3scan.1.7.8.0

K7 AntiVirus

Unwanted-Program

13.194.14968

Kaspersky

not-a-virus:Downloader.NSIS.Agent

14.0.0.2481

Malwarebytes

PUP.Optional.SafeInstall.A

v2015.02.15.06

McAfee

Artemis!23F87FFE002B

5600.6853

MicroWorld eScan

Gen:Variant.Application.Bundler.Graftor.155902

16.0.0.138

NANO AntiVirus

Riskware.Win32.Searcher.csnymk

0.30.0.65070

Norman

Gen:Variant.Application.Bundler.Graftor.155902

11.20150215

Panda Antivirus

Generic Suspicious

15.02.15.06

Qihoo 360 Security

Win32/Application.ab7

1.0.0.1015

Quick Heal

Downloader.NSIS.g1c (Not a Virus)

2.15.14.00

Reason Heuristics

PUP.Installer.InstallX

15.2.15.18

Rising Antivirus

PE:Trojan.Win32.Generic.17A19AEC!396466924

23.00.65.15213

Sophos

InstallQ

4.98

Trend Micro House Call

Suspicious_GEN.F47V1118

7.2.46

Trend Micro

TROJ_GEN.R0C2C0OK314

10.465.15

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.3

VIPRE Antivirus

InstallIQ Installer

37568

Zillya! Antivirus

Downloader.Agent.Win32.238160

2.0.0.2068

File size:

2.1 MB (2,154,008 bytes)

Product version:

1.0.72.0

Original file name:

safeinstall.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

InstallIQ Installation Manager

Language:

English (United States)

Common path:

C:\users\{user}\downloads\filewhiz.exe

Digital Signature

Signed by:

InstallX, LLC

Authority:

DigiCert Inc

Valid from:

3/21/2014 1:00:00 AM

Valid to:

4/8/2015 2:00:00 PM

Subject:

CN="InstallX, LLC", O="InstallX, LLC", L=Sartell, S=Minnesota, C=US

Issuer:

CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0F4D188192318D28510FC886CBB855E6

File PE Metadata

Compilation timestamp:

2/9/2015 6:29:11 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

49152:QvlwvmA2vDTXj5lppfNH5DlhsZCTznASR2iIfor:QvQmAy5lDnsZjU2iIfK

Entry address:

0x5772A

Entry point:

E8, E3, 3B, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 00, 70, 54, 00, E8, 20, 2C, 00, 00, E8, B0, 3D, 00, 00, 0F, B7, F0, 6A, 02, E8, 76, 3B, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 57, 35, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Code size:

1.1 MB (1,102,848 bytes)

The file filewhiz.exe has been seen being distributed by the following URL.

http://dl2.vip0installer.com/download/Base/259485/.../filewhiz.exe

Remove filewhiz.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.