» installer.exe
Overview
Analysis
File Details
Downloads (3)

installer.exe

ReSoft LTD.

The application installer.exe by ReSoft has been detected as adware by 15 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from cdn.airdlr7.com and multiple other hosts.

File name:

installer.exe

Publisher:

ReSoft LTD. (signed and verified)

MD5:

b31fbce7addfd567504ba5f00bc4d4ad

SHA-1:

19dc837674578fa95327ee2c06c906bdfb64c440

SHA-256:

2838dced3b4280310c37ca3ef084da1aa5a74a521f7169ed15b001abcc0606f1

Scanner detections:

15 / 68

Status:

Adware

Analysis date:

4/19/2024 3:38:39 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Linkury.B

918

Agnitum Outpost

PUA.Toolbar.Linkury

7.1.1

avast!

Win32:Adware-gen [Adw]

2014.9-140801

Bitdefender

Adware.Linkury.B

1.0.20.1065

Dr.Web

Adware.Linkury.3

9.0.1.0101

Emsisoft Anti-Malware

Adware.Linkury

8.14.08.01.01

ESET NOD32

Win32/Toolbar.Linkury (variant)

8.9663

Fortinet FortiGate

Riskware/Toolbar_Linkury

4/11/2014

G Data

Adware.Linkury

14.8.24

McAfee

Artemis!B31FBCE7ADDF

5600.7164

MicroWorld eScan

Adware.Linkury.B

15.0.0.639

Panda Antivirus

PUP/LinkUry

14.08.01.01

Reason Heuristics

PUP.ReSoft.J

14.8.8.1

Trend Micro House Call

TROJ_GEN.F47V0409

7.2.101

VIPRE Antivirus

Adware.Linkury

28194

File size:

10.4 MB (10,919,456 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\installer.exe

Digital Signature

Signed by:

ReSoft LTD.

Authority:

COMODO CA Limited

Valid from:

7/31/2013 8:00:00 PM

Valid to:

8/1/2015 7:59:59 PM

Subject:

CN=ReSoft LTD., O=ReSoft LTD., STREET=4th Hanevi'im, L=Tel Aviv, S=Israel, PostalCode=64356, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

51FA31336CEC649121E9A908289950D2

File PE Metadata

Compilation timestamp:

4/8/2014 4:27:39 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

196608:CWDWtGdp8NOaJ3YHVCErLMtiVuNGYH0soGSBHdEHCpunbz6CINRT8kUzqIfivGX:qiwjY1CEHMibYHLo1BHd/punyAzUC

Entry address:

0x30596

Entry point:

E8, 1E, AC, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 75, 1D, E8, FA, 1C, 00, 00, 83, 20, 00, E8, DF, 1C, 00, 00, C7, 00, 16, 00, 00, 00, E8, D8, 3F, 00, 00, 83, C8, FF, 5D, C3, FF, 75, 08, FF, 15, 8C, 80, 44, 00, 83, F8, FF, 75, 0F, FF, 15, D4, 80, 44, 00, 50, E8, DB, 1C, 00, 00, 59, EB, DE, F6, 45, 0C, 80, 74, 05, 83, E0, FE, EB, 03, 83, C8, 01, 50, FF, 75, 08, FF, 15, 6C, 81, 44, 00, 85, C0, 74, D5, 33, C0, 5D, C3, 6A, 0C, 68, 20, 29, 45, 00, E8, 9F, 82, 00, 00, 33, C0, 33, F6, 39... 
[+]

Entropy:

7.9352 (probably packed)

Code size:

284 KB (290,816 bytes)

The file installer.exe has been seen being distributed by the following 3 URLs.

http://cdn.airdlr7.com/downloads/offers/.../Installer_08_04_14.exe

http://d3emsmln8xfj03.cloudfront.net/bundles/.../Installer_20140408.exe

http://gogeneral.blob.core.windows.net/.../Installer.exe

Remove installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.