» filewhiz.exe
Overview
Analysis
File Details
Downloads (1)

filewhiz.exe

SafeInstaller

InstallX, LLC

This is the InstallX/InstallIQ download manager and installer that will bundle offers during setup for additional PUPs and other unwanted software. The application filewhiz.exe by InstallX has been detected as adware by 36 anti-malware scanners. The program is a setup application that uses the InstallIQ Installation Manager installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from 1-vinstaller.com.

File name:

filewhiz.exe

Publisher:

SafeInstall, LLC (signed by InstallX, LLC)

Product:

SafeInstaller

Description:

Safe Installer

Version:

1.0.72.0

MD5:

188973cd3e30432431353eeaf660d755

SHA-1:

ad1eb927418d998c602d6cb24a346fe872edb71a

SHA-256:

da5d0307794755558742206a4b12ceb55299872500795fe2612288e7db180a3e

Scanner detections:

36 / 68

Status:

Adware

Explanation:

Uses the InstallIQ (by InstallX) software bundler that may include toolbars and other browser extensions offers.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/25/2024 12:33:32 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Bundler.Agent.J

393

AhnLab V3 Security

PUP/Win32.Installiq

2015.10.27

Avira AntiVirus

PUA/InstallIQ.Gen4

8.3.2.2

avast!

Win32:PUP-gen [PUP]

2014.9-160108

AVG

InstallIQ

2017.0.2871

Baidu Antivirus

Adware.Win32.InstallIQ

4.0.3.1618

Bitdefender

Gen:Variant.Application.Bundler.Graftor.155902

1.0.20.40

Bkav FE

W32.HfsAdware

1.3.0.7383

Comodo Security

Application.Win32.InstallIQ.B

23480

Dr.Web

Adware.Downware.9628

9.0.1.08

Emsisoft Anti-Malware

Application.Bundler.Agent

8.16.01.08.06

ESET NOD32

Win32/InstallIQ.A potentially unwanted (variant)

10.12468

Fortinet FortiGate

Riskware/Agent

1/8/2016

F-Prot

W32/InstallIQ.A.gen

v6.4.7.1.166

F-Secure

Riskware.Application.Bundler.Agent

11.2016-08-01_6

G Data

Win32.Application.InstallIQ

16.1.25

IKARUS anti.virus

AdWare.InstallIQ

t3scan.1.9.5.0

K7 AntiVirus

Unwanted-Program

13.212.17655

Kaspersky

not-a-virus:Downloader.NSIS.Agent

14.0.0.849

Malwarebytes

PUP.Optional.SafeInstall

v2016.01.08.06

McAfee

Artemis!23F87FFE002B

5600.6527

MicroWorld eScan

Application.Bundler.Agent.J

17.0.0.24

NANO AntiVirus

Riskware.Win32.Searcher.csnymk

0.30.26.3947

Norman

Gen:Variant.Application.Bundler.Graftor.155902

11.20160108

Panda Antivirus

Generic Suspicious

16.01.08.06

Qihoo 360 Security

Win32/Application.ab7

1.0.0.1015

Quick Heal

Downloader.Agent.01355

1.16.14.00

Reason Heuristics

PUP.InstallX.SafeInstall.Installer (M)

16.1.8.6

Rising Antivirus

PE:PUF.InstallIQ!1.9E4F [F]

23.00.65.16106

Sophos

InstallQ

4.98

Total Defense

Win32/Tnega.dSCceV

37.1.62.1

Trend Micro House Call

Suspicious_GEN.F47V0206

7.2.8

Trend Micro

TROJ_GEN.R0C2C0OK314

10.465.08

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.3

VIPRE Antivirus

InstallIQ Installer

44838

Zillya! Antivirus

Downloader.Agent.Win32.235201

2.0.0.2476

File size:

2.1 MB (2,150,936 bytes)

Product version:

1.0.72.0

Original file name:

safeinstall.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

InstallIQ Installation Manager

Language:

English (United States)

Common path:

C:\users\{user}\downloads\filewhiz.exe

Digital Signature

Signed by:

InstallX, LLC

Authority:

DigiCert Inc

Valid from:

3/20/2014 7:00:00 PM

Valid to:

4/8/2015 7:00:00 AM

Subject:

CN="InstallX, LLC", O="InstallX, LLC", L=Sartell, S=Minnesota, C=US

Issuer:

CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0F4D188192318D28510FC886CBB855E6

File PE Metadata

Compilation timestamp:

2/9/2015 11:29:11 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

49152:xvlwvmA2vDTXj5lppfNH5DlhsZCT1QC5X0tv:xvQmAy5lDnsZdd

Entry address:

0x5772A

Entry point:

E8, E3, 3B, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 00, 70, 54, 00, E8, 20, 2C, 00, 00, E8, B0, 3D, 00, 00, 0F, B7, F0, 6A, 02, E8, 76, 3B, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 57, 35, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

7.1739

Code size:

1.1 MB (1,102,848 bytes)

The file filewhiz.exe has been seen being distributed by the following URL.

http://1-vinstaller.com/.../download?accountid=14457&shortname=filewhiz&campaignname=filewhiz.typ

Remove filewhiz.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.