home

installer 1.1.5.exe

The application installer 1.1.5.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from iawzxw.by3302.livefilestore.com and multiple other hosts.
MD5:
48416bff6c1abc775c6864f009c87691

SHA-1:
89b791bb940e1878396ff2f86ed5d3bcbf31cd91

SHA-256:
f458e79b51357cd475324f552fa2b59d7283edc5a6e415bd924f804552c07860

Scanner detections:
13 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/23/2024 2:53:10 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Trojan/Win32.HDC
2014.08.04

Avira AntiVirus
APPL/Downloader.Gen
7.11.158.168

avast!
Win32:Adware-gen [Adw]
2014.9-140911

Baidu Antivirus
Adware.Win32.OutBrowse
4.0.3.1483

Dr.Web
Adware.Downware.5530
9.0.1.0215

ESET NOD32
Win32/OutBrowse
8.10052

IKARUS anti.virus
PUA.OutBrowse
t3scan.1.6.1.0

Malwarebytes
PUP.Optional.OutBrowse
v2014.08.03.11

McAfee
Artemis!48416BFF6C1A
5600.7050

nProtect
Trojan/W32.PornoAsset.999698
14.08.03.01

Qihoo 360 Security
HEUR/Malware.QVM06.Gen
1.0.0.1015

Trend Micro House Call
Suspicious_GEN.F47V0704
7.2.215

VIPRE Antivirus
Trojan.Win32.Generic
31878

File size:
976.3 KB (999,698 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\installer 1.1.5.exe

File PE Metadata
Compilation timestamp:
12/6/2009 6:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:z9Zn113GiwllQiK1UBEZF7NWxwntNOpdZTE:5v12LlMUBENWxwntwp/TE

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9241

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file installer 1.1.5.exe has been seen being distributed by the following 6 URLs.

https://iawzxw.by3302.livefilestore.com/.../Installer 1.1.5.exe

https://iawzxw.by3302.livefilestore.com/.../Installer 1.1.5.exe

https://iawzxw.by3302.livefilestore.com/.../Installer 1.1.5.exe

https://iawzxw.by3302.livefilestore.com/.../Installer 1.1.5.exe

https://onedrive.live.com/download?resid=ACF3303C396C525A!163

https://iawzxw.by3302.livefilestore.com/.../Installer 1.1.5.exe

Remove installer 1.1.5.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.