» filewhiz.exe
Overview
Analysis
File Details
Downloads (1)

filewhiz.exe

SafeInstaller

InstallX, LLC

This is the InstallX/InstallIQ download manager and installer that will bundle offers during setup for additional PUPs and other unwanted software. The application filewhiz.exe by InstallX has been detected as adware by 33 anti-malware scanners. The program is a setup application that uses the InstallIQ Installation Manager installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from dl2.vin7installer.com.

File name:

filewhiz.exe

Publisher:

SafeInstall, LLC (signed by InstallX, LLC)

Product:

SafeInstaller

Description:

Safe Installer

Version:

1.0.69.0

MD5:

fc710a7f9ee3593a1586760f208d778b

SHA-1:

babb62581c7d03a52b87bd0b39d361263a5db7a9

SHA-256:

99bfbcdf910efc50dba4b8db58c49374db9200549c4b925c6219c9f031b0de95

Scanner detections:

33 / 68

Status:

Adware

Explanation:

Uses the InstallIQ (by InstallX) software bundler that may include toolbars and other browser extensions offers.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

5/18/2024 10:18:01 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Bundler.Graftor.155902

744

AhnLab V3 Security

PUP/Win32.SafeInstaller

2014.10.21

Avira AntiVirus

APPL/InstallIQ.Gen4

7.11.185.228

avast!

PUP-gen [PUP]

2014.9-150121

AVG

Adware InstallIQ

2016.0.3222

Baidu Antivirus

Adware.Win32.InstallIQ

4.0.3.15121

Bitdefender

Gen:Variant.Application.Bundler.Graftor.155902

1.0.20.105

Comodo Security

Application.Win32.InstallIQ.B

20088

Dr.Web

Adware.Downware.2512

9.0.1.021

Emsisoft Anti-Malware

Gen:Variant.Application.Bundler.Graftor.155902

8.15.01.21.05

ESET NOD32

Win32/InstallIQ.A potentially unwanted application

7.0.302.0

Fortinet FortiGate

Riskware/Agent

1/21/2015

F-Secure

Gen:Variant.Application.Bundler

11.2015-21-01_4

G Data

Gen:Variant.Application.Bundler.Graftor.155902

15.1.24

IKARUS anti.virus

PUA.InstallIQ

t3scan.1.7.8.0

K7 AntiVirus

Unwanted-Program

13.185.14021

Kaspersky

not-a-virus:Downloader.NSIS.Agent

15.0.0.543

Malwarebytes

PUP.Optional.SafeInstall.A

v2015.01.21.05

McAfee

Artemis!52967C07C5DD

5600.6878

MicroWorld eScan

Gen:Variant.Application.Bundler.Graftor.155902

16.0.0.63

NANO AntiVirus

Riskware.Win32.Searcher.csnymk

0.28.6.63362

Norman

Gen:Variant.Application.Bundler.Graftor.155902

02.01.2015 13:58:24

Panda Antivirus

Trj/CI.A

15.01.21.05

Qihoo 360 Security

Win32/Application.ab7

1.0.0.1015

Quick Heal

Downloader.NSIS.g1c (Not a Virus)

1.15.14.00

Reason Heuristics

PUP.Installer.InstallX

15.1.21.17

Rising Antivirus

PE:Trojan.Win32.Generic.17A19AEC!396466924

23.00.65.15119

Sophos

PUA 'InstallQ'

5.09

Trend Micro House Call

Suspicious_GEN.F47V1118

7.2.21

Trend Micro

TROJ_GEN.R0C2C0OK314

10.465.21

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.3

VIPRE Antivirus

InstallIQ Installer

34106

Zillya! Antivirus

Downloader.Agent.Win32.223881

2.0.0.1960

File size:

2 MB (2,146,328 bytes)

Product version:

1.0.69.0

Original file name:

safeinstall.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

InstallIQ Installation Manager

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\filewhiz.exe

Digital Signature

Signed by:

InstallX, LLC

Authority:

DigiCert Inc

Valid from:

3/20/2014 8:00:00 PM

Valid to:

4/8/2015 8:00:00 AM

Subject:

CN="InstallX, LLC", O="InstallX, LLC", L=Sartell, S=Minnesota, C=US

Issuer:

CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0F4D188192318D28510FC886CBB855E6

File PE Metadata

Compilation timestamp:

1/20/2015 5:23:43 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

49152:Lw3COGspCh8qtn1JPG+22sVTTL1klvlTO:LcpCftzGN2sQ9O

Entry address:

0x575CA

Entry point:

E8, E3, 3B, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, D8, 55, 54, 00, E8, 20, 2C, 00, 00, E8, B0, 3D, 00, 00, 0F, B7, F0, 6A, 02, E8, 76, 3B, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 57, 35, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

7.1778

Code size:

1 MB (1,096,704 bytes)

The file filewhiz.exe has been seen being distributed by the following URL.

http://dl2.vin7installer.com/download/Base/259485/.../filewhiz.exe

Remove filewhiz.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.