Installer.exe

Installer

Sea Bug

This is the installer/setup program for a Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application Installer.exe by Sea Bug has been detected as adware by 29 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. This file is typically installed with the program LookThisUp by Sea Bug, LLC which is a potentially unwanted software program. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Sea Bug  (signed and verified)

Product:
Installer

Version:
1.0.0.0

MD5:
cffe22c999409948a1bdcb8952e41639

SHA-1:
9019c5fa5ff027c649ef17dc61a8c76a1000ac7a

SHA-256:
77285e81825a7e6de963810790d135d68941f8e40b6e1449cc5e0ae9983a551e

Scanner detections:
29 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
5/8/2024 5:36:49 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Agent.OMN | 389 |
| Agnitum Outpost | PUA.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Installer | 2015.03.10 |
| Avira AntiVirus | ADWARE/Adware.Gen7 | 7.11.215.190 |
| avast! | Win32:IBryte-HD [PUP] | 2014.9-160112 |
| AVG | Downloader | 2017.0.2867 |
| Baidu Antivirus | Adware.MSIL.iBryte | 4.0.3.16112 |
| Bitdefender | Adware.Agent.OMN | 1.0.20.60 |
| Comodo Security | ApplicUnwnt | 21358 |
| Dr.Web | Adware.iBryte.492 | 9.0.1.012 |
| Emsisoft Anti-Malware | Adware.Agent.OMN | 8.16.01.12.01 |
| ESET NOD32 | MSIL/Adware.iBryte (variant) | 10.11295 |
| Fortinet FortiGate | Adware/IBryte | 1/12/2016 |
| F-Secure | Adware.Agent.OMN | 11.2016-12-01_3 |
| G Data | Adware.Agent.OMN | 16.1.25 |
| IKARUS anti.virus | not-a-virus:AdWare.MSIL.Agent | t3scan.1.8.3.0 |
| K7 AntiVirus | Adware | 13.186.14225 |
| Malwarebytes | Trojan.MSIL.Bladabindi | v2016.01.12.01 |
| McAfee | Artemis!6E8A407BDFCE | 5600.6523 |
| MicroWorld eScan | Adware.Agent.OMN | 17.0.0.36 |
| nProtect | Adware.Agent.OMN | 15.03.09.01 |
| Panda Antivirus | Trj/CI.A | 16.01.12.01 |
| Qihoo 360 Security | Win32/Virus.Adware.529 | 1.0.0.1015 |
| Reason Heuristics | PUP.Yontoo.SeaBug.Installer (M) | 16.1.12.1 |
| Sophos | Generic PUA IJ | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 9391 |
| Trend Micro House Call | TROJ_GEN.R002C0OKN14 | 7.2.12 |
| Trend Micro | TROJ_GEN.R002C0OKN14 | 10.465.12 |
| VIPRE Antivirus | iBryte | 38286 |

File size:
201.6 KB (206,480 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\installer.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
7/25/2014 10:59:04 PM

Valid to:
7/25/2015 10:59:04 PM

Subject:
CN=Sea Bug, O=Sea Bug, L=Orange, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
081CF04D6E5726

File PE Metadata
Compilation timestamp:
9/27/2014 8:03:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:79YOIDfHsesBK7VRXmXbQI7FXd7XXLJUwEf96:pYNDvsnBARWlFXpF18E

Entry address:
0x30FBE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 14, 11, 00, 80, 10, 00, 00, 00, 64, 11, 00, 80, 18, 00, 00, 00, 50, 14, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
188 KB (192,512 bytes)

The file Installer.exe has been discovered within the following program.

LookThisUp  by Sea Bug, LLC
LookThisUp is an adware Internet extension that will inject advertisements into the browser on web pages that are not affiliated with the ads or the extension. Ads will be placed as new ads that would not normally appear.
lookthisup.net
82% remove it
 

The file Installer.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):
