infoatoms-web-setup.exe

InfoAtoms

InfoAtoms Inc.

This is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The application infoatoms-web-setup.exe, “InfoAtoms Installer” by InfoAtoms, has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is typically executed from the user's temporary directory.
Publisher:
InfoAtoms Inc.  (signed and verified)

Product:
InfoAtoms

Description:
InfoAtoms Installer

Version:
1.0.0.1

MD5:
89dd1408bd48cf4a26d37ffce1dbb34f

SHA-1:
9daef38feb1cec38c1445bd3385b38a56615a4a7

SHA-256:
42873a5b833216c1fdb7fa4a4c62ec4436d2121e0b9a325ab271eb1f8eb7d9b5

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
4/19/2024 9:44:20 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Emsisoft Anti-Malware | Trojan.Downloader.Win32.AMN | 8.15.11.25.06 |
| McAfee | Artemis!89DD1408BD48 | 5600.6570 |
| MicroWorld eScan | HEUR:Trojan-Downloader.Win32.Generic | 16.0.0.987 |
| Norman | Downloader | 11.20151125 |
| Reason Heuristics | PUP.InfoAtoms.Installer (M) | 15.11.25.18 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.20.2 |
| VIPRE Antivirus | InfoAtoms | 17108 |

File size:
63.6 KB (65,120 bytes)

Product version:
1.0.0.1

Copyright:
Copyright 2012 InfoAtoms Inc.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\infoatoms-web-setup.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
4/12/2012 2:06:59 PM

Valid to:
4/3/2013 4:35:07 PM

Subject:
CN=InfoAtoms Inc., O=InfoAtoms Inc., L=La Jolla, S=CA, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
04788136C18C1C

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:GQpQ5EP0ijnRTXJ1Jmle5spOxNyNMQUAqWizmegei:GQIURTXJnQMoqrI

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
6.7025

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
