install.exe

IEInstaller

Pull Trends

This file is published and distributed via Adknowledge's advertising-supported (adware) software installer. The application install.exe by Pull Trends has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer.
Publisher:
Pull Trends  (signed and verified)

Product:
IEInstaller

Version:
1.0.0.0

MD5:
88f31873847d3e047e0e92e9eb0024f5

SHA-1:
3bae648e0a51b3af77f103ade817ac767593af0d

SHA-256:
51721e4ed7cbd2e9c78362ed5c49a9b4df63febd52ea6929304a5e7af2cd4dd0

Scanner detections:
10 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 7:41:27 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Trojan.Click | 7.1.1 |
| Avira AntiVirus | ADWARE/IERedirector.87040 | 8.3.1.6 |
| AVG | iBryte | 2016.0.3001 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Trojan.iBryte.538 | 9.0.1.0242 |
| IKARUS anti.virus | AdWare.IERedirector | t3scan.1.9.5.0 |
| Kaspersky | Trojan.Win32.Startpage | 14.0.0.1502 |
| Reason Heuristics | PUP.Adknowledge.PullTrends.Installer (M) | 15.8.30.13 |
| Vba32 AntiVirus | TScope.Trojan.MSIL | 3.12.26.4 |
| VIPRE Antivirus | Threat.4798837 | 40830 |

File size:
223.8 KB (229,216 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
IEInstaller.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\apps\2.0\c6kt3ggy.4q0\e5y5b2x3.qhx\myemailxp_65118c3ef8e168a4_0001.0000_308bae8a9f039e22\install.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/6/2015 7:00:00 PM

Valid to:
1/7/2016 6:59:59 PM

Subject:
CN=Pull Trends, O=Pull Trends, STREET="4600 Madison Ave, 10th FL", L=Kansas City, S=MO, PostalCode=64112, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2DB408BA9ECD129D99939D263A3C8574

File PE Metadata
Compilation timestamp:
8/7/2015 3:16:07 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:9O90lGXMUEzSxFEqWP3t/qjPdyW7uO90lGjO90lGUgkG6:9sXMUEzSxFEqWP9/qjPdb7usjsN6

Entry address:
0x3733E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
4.5348

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
213 KB (218,112 bytes)
