gothicmasquerade_d3643761.exe

InstallIQ Installation Utility

InstallX, LLC

The InstallIQ (InstallX) installation program is a co-bundle stub that delivers software monetization offers during installation. These offers include web browser toolbars and extensions. The application gothicmasquerade_d3643761.exe by InstallX has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the InstallIQ Installation Manager installer.
Publisher:
InstallX, LLC  (signed and verified)

Product:
InstallIQ Installation Utility

Version:
2.136.7.0

MD5:
8c71cd2d0131ca39b3d6725c7af70051

SHA-1:
1d5c8bfff9c913823d30b09ec4194a7ac0b134b9

SHA-256:
8e0701cb1a357986c2e3337f46de0e4f58bfb07180d83a3069b8cb6011195b4e

Scanner detections:
17 / 68

Status:
Adware

Explanation:
InstallIQ is a bundled-offer download and install manager designed to show sponsored offers during installation. These offers typically include adware-type toolbars, browser extensions and plugins, or other potentially unwanted software, alongside the promised application.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/23/2024 11:54:14 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.InstallIQ.C | 775
Avira AntiVirus | APPL/InstallIQ.Gen5 | 7.11.121.86
AVG | Skodna.Bundle | 2015.0.3253
Bitdefender | Adware.InstallIQ.C | 1.0.20.1780
Comodo Security | Application.Win32.InstallIQ.B | 17482
Dr.Web | Adware.W3i.32 | 9.0.1.0356
Emsisoft Anti-Malware | Adware.InstallIQ | 8.14.12.22.01
ESET NOD32 | Win32/InstallIQ (variant) | 8.9190
F-Secure | Adware.InstallIQ.C | 11.2014-22-12_2
G Data | Adware.InstallIQ | 14.12.22
Malwarebytes | PUP.Optional.InstallIQ | v2014.12.22.01
MicroWorld eScan | Adware.InstallIQ.C | 15.0.0.1068
NANO AntiVirus | Trojan.Win32.Searcher.cjaztx | 0.28.0.57029
Reason Heuristics | PUP.Installer.InstallX.Z | 14.12.22.1
Rising Antivirus | PE:PUF.InstallIQ!1.9E4F | 23.00.65.141220
Sophos | InstallQ | 4.96
VIPRE Antivirus | InstallIQ Installer | 24636

File size:
1.9 MB (2,000,976 bytes)

Product version:
2.136.7.0

Copyright:
Copyright ©2013 InstallX, LLC. All rights reserved.

Original file name:
InstallIQ.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallIQ Installation Manager

Language:
English (United States)

Common path:
C:\users\{user}\downloads\gothicmasquerade_d3643761.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
3/21/2013 5:00:00 PM

Valid to:
3/26/2014 5:00:00 AM

Subject:
CN="InstallX, LLC", O="InstallX, LLC", L=Sartell, S=Minnesota, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
030985B5A39F75A13A497DAB8BF611F7

File PE Metadata
Compilation timestamp:
12/12/2013 2:10:09 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:Xc2k/5HLDpv1l9Gyzsf5/nz4Z338+9jDTVIQQYAFiV2b6OrrQmffPo0hmwzHZwO9:s2cRmcl8e5PKsNgN4mXlg5SSNTDueaKu

Entry address:
0xF739

Entry point:
E8, B5, 88, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 60, 18, 58, 00, E8, F1, 47, 00, 00, E8, B9, 6A, 00, 00, 0F, B7, F0, 6A, 02, E8, 48, 88, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, D5, 64, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.7474

Code size:
1.2 MB (1,285,120 bytes)
