Installer.exe

Installer

Sea Bug

This is the installer/setup program for a Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application Installer.exe by Sea Bug has been detected as adware by 29 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This file is typically installed with the program LookThisUp by Sea Bug, LLC which is a potentially unwanted software program. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Sea Bug  (signed and verified)

Product:
Installer

Version:
1.0.0.0

MD5:
053e5e38fd367c5af0b07fc8be5d2b24

SHA-1:
09c4bd2082480e20f9d6045445a75a8ba3f331bf

SHA-256:
9bb0d44b8b565aacb0a826aad2a8ce33f0946901c582a8864c1f59401d32b8df

Scanner detections:
29 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
5/8/2024 11:08:47 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Agent.OMN | 371 |
| Agnitum Outpost | PUA.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Installer | 2014.12.04 |
| Avira AntiVirus | Adware/iBryte.H.10 | 7.11.182.222 |
| avast! | Win32:IBryte-HD [PUP] | 2014.9-160130 |
| AVG | Downloader | 2017.0.2849 |
| Baidu Antivirus | Adware.MSIL.iBryte | 4.0.3.16130 |
| Bitdefender | Adware.Agent.OMN | 1.0.20.150 |
| Comodo Security | UnclassifiedMalware | 19980 |
| Dr.Web | Adware.iBryte.492 | 9.0.1.030 |
| Emsisoft Anti-Malware | Adware.Agent.OMN | 8.16.01.30.01 |
| ESET NOD32 | MSIL/Adware.iBryte (variant) | 10.10661 |
| Fortinet FortiGate | Adware/IBryte | 1/30/2016 |
| F-Secure | Adware.Agent.OMN | 11.2016-30-01_7 |
| G Data | Adware.Agent.OMN | 16.1.24 |
| IKARUS anti.virus | not-a-virus:AdWare.MSIL.Agent | t3scan.1.8.3.0 |
| K7 AntiVirus | Adware | 13.186.14225 |
| Malwarebytes | Trojan.MSIL.Bladabindi | v2016.01.30.01 |
| McAfee | RDN/Generic PUP.x!c2y | 5600.6505 |
| MicroWorld eScan | Adware.Agent.OMN | 17.0.0.90 |
| nProtect | Adware.Agent.OMN | 14.10.31.01 |
| Panda Antivirus | Trj/CI.A | 16.01.30.01 |
| Qihoo 360 Security | Win32/Virus.Adware.529 | 1.0.0.1015 |
| Reason Heuristics | PUP.Yontoo.SeaBug.Installer (M) | 16.1.30.1 |
| Sophos | Generic PUA OE | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 9355 |
| Trend Micro House Call | TROJ_GEN.R02SH06JJ14 | 7.2.30 |
| Trend Micro | TROJ_GEN.R047C0PK514 | 10.465.30 |
| VIPRE Antivirus | iBryte | 34472 |

File size:
201.6 KB (206,480 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\installer.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
7/25/2014 10:59:04 PM

Valid to:
7/25/2015 10:59:04 PM

Subject:
CN=Sea Bug, O=Sea Bug, L=Orange, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
081CF04D6E5726

File PE Metadata
Compilation timestamp:
9/28/2014 8:03:30 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:/kEv6QYOTkDf9lsesBK7kL8jT2mJvXVcIL7wbQXGirHdYHR06o/D+UgfkmS:h9YOIDfHsesBK7VxXmXbQhKHR0pqfkn

Entry address:
0x30FBE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 14, 11, 00, 80, 10, 00, 00, 00, 64, 11, 00, 80, 18, 00, 00, 00, 50, 14, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
188 KB (192,512 bytes)

The file Installer.exe has been discovered within the following program.

LookThisUp  by Sea Bug, LLC
LookThisUp is an adware Internet extension that will inject advertisements into the browser on web pages that are not affiliated with the ads or the extension. Ads will be placed as new ads that would not normally appear.
lookthisup.net
82% remove it
 
Powered by Should I Remove It?

The file Installer.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)
