» installation.exe
Overview
Analysis
File Details
Downloads (1)

installation.exe

Smart Secure Software S.l.

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application installation.exe by Smart Secure Software S.l has been detected as adware by 28 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.

File name:

installation.exe

Publisher:

Smart Secure Software S.l. (signed and verified)

MD5:

7ad3d9f20d34785423d087710bceab29

SHA-1:

fa52206539880f99fc18613977d8801394648a3f

SHA-256:

fe4acb1d54d8d9f35337bd35eadfb3e5d1feccff9d2b2d6f76791a7e5ff13a1d

Scanner detections:

28 / 68

Status:

Adware

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/25/2024 1:27:38 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Bundler.SoftPulse.P

659

Agnitum Outpost

PUA.SoftPulse

7.1.1

AhnLab V3 Security

PUP/Win32.SoftPulse

2015.04.17

avast!

Win32:SoftPulse-DI [PUP]

2014.9-150416

AVG

Adware Generic6.NXI

2014.0.4311

Bitdefender

Gen:Variant.Adware.Graftor.168670

1.0.20.530

Bkav FE

W32.HfsAdware

1.3.0.6379

Comodo Security

Application.Win32.SoftPulse.D

21792

Dr.Web

Trojan.DownLoader12.20690

9.0.1.0106

Emsisoft Anti-Malware

Application.Bundler.SoftPulse.P

8.15.04.16.08

ESET NOD32

Win32/Adware.Sambamedia.A application

9.7.0.302.0

Fortinet FortiGate

Riskware/DriverUpd

4/16/2015

F-Prot

W32/S-c0a1d5ca

v6.4.7.1.166

F-Secure

Riskware.Application.Bundler.SoftPulse

11.2015-16-04_5

G Data

Gen:Variant.Adware.Graftor.168670

15.4.25

herdProtect (fuzzy)

variant of uh2usosq.exe.part (Adware)

2015.7.18.13

IKARUS anti.virus

not-a-virus:Downloader.DriverUpd

t3scan.1.8.9.0

K7 AntiVirus

Unwanted-Program

13.202.15623

Malwarebytes

PUP.Optional.SoftPulse.gen

v2015.04.16.08

McAfee

Program.SoftPulse

5600.6793

MicroWorld eScan

Application.Bundler.SoftPulse.P

16.0.0.318

NANO AntiVirus

Riskware.Win32.SoftPulse.dneycs

0.30.16.1110

Norman

Gen:Variant.Adware.Graftor.168670

11.20150718

Reason Heuristics

Threat.Softpulse.Bundler

15.4.16.16

Sophos

PUA 'SoftPulse' (of type Adware)

5.10

Vba32 AntiVirus

Downloader.DriverUpd

3.12.26.3

VIPRE Antivirus

Threat.4150696

36694

Zillya! Antivirus

Adware.Sambamedia.Win32.1

2.0.0.2141

File size:

1 MB (1,088,688 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Softpulse SoftwareBundler

Common path:

C:\users\{user}\downloads\installation.exe

Digital Signature

Signed by:

Smart Secure Software S.l.

Authority:

COMODO CA Limited

Valid from:

12/15/2014 12:00:00 AM

Valid to:

12/15/2015 11:59:59 PM

Subject:

CN=Smart Secure Software S.l., O=Smart Secure Software S.l., STREET=El Pozo 17B, L=Adeje, S=Santa Cruz de Tenerife, PostalCode=38680, C=ES

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

3FE11492275B337C9F032D96A4574137

File PE Metadata

Compilation timestamp:

1/27/2015 4:59:27 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:JJGR1dbA6lWvlNKlrkv7FWPR2uQSkBmDJvq+STn2BKL6HcuS:JuZA68tw9kvyR5QSh7ST2EL68T

Entry address:

0x13DEF0

Entry point:

60, BE, 00, F0, 43, 00, 8D, BE, 00, 20, FC, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 04, BA, 13, 00, 57, 83, C3, 04, 53, 68, E8, EE, 0F, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A... 
[+]

Entropy:

7.9860 (probably packed)

Code size:

1024 KB (1,048,576 bytes)

The file installation.exe has been seen being distributed by the following URL.

http://kingsdowns.com/fly/.../gb.php?kw1=xad136-gbau-300-js-xx-AD-flv-gb-apx

Remove installation.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.