installer.exe

ReSoft LTD.

The application installer.exe by ReSoft has been detected as adware by 8 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from gogeneral.blob.core.windows.net.
Publisher: ReSoft LTD.  (signed and verified)
MD5: 34b6f6092bfe6ae6490b4bf823fafdff
SHA-1: a292fc72f1abde2a9226a5a27b01745dc068fc7b
SHA-256: 4f55db7ea2d94f209b6199adc59ed0e5d68bd400e87fcd70294eb59de7d326a2
Scanner detections: 8 / 68
Status: Adware
Analysis date: 4/24/2024 7:10:42 AM UTC  (today)

Scan engine | Detection | Engine version
--- | --- | ---
avast! | Win32:SmartBar-A [PUP] | 2014.9-140728
AVG | AdInject.Resoft.dropper | 2015.0.3399
Dr.Web | Adware.Downware.1560 | 9.0.1.0121
ESET NOD32 | Win32/Toolbar.Linkury (variant) | 8.9731
Malwarebytes | PUP.Optional.Linkury.A | v2014.05.01.10
McAfee | Artemis!DE89D8867F1E | 5600.7055
Reason Heuristics | PUP.ReSoft.J | 14.8.8.1
VIPRE Antivirus | Adware.Linkury | 24024

File size: 10.2 MB (10,731,552 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\installer.exe

Digital Signature

Signed by:
Authority: COMODO CA Limited
Valid from: 8/1/2013 8:00:00 AM
Valid to: 8/2/2015 7:59:59 AM
Subject: CN=ReSoft LTD., O=ReSoft LTD., STREET=4th Hanevi'im, L=Tel Aviv, S=Israel, PostalCode=64356, C=IL
Issuer: CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Serial number: 51FA31336CEC649121E9A908289950D2

File PE Metadata

Compilation timestamp: 10/6/2013 9:08:12 PM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 10.0
CTPH (ssdeep): 196608:2j0i6yAOW9eYADU91h+RXilRdvgRHR3B9MHsKdNu7znJ:pb/dADU91h+2R9gRHG1i9
Entry address: 0x27B3A

Entry point:
E8, CE, A2, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8D, 45, 14, 50, 6A, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, B2, B0, 00, 00, 83, C4, 14, 5D, C3, E8, D0, 5E, 00, 00, 8B, 48, 6C, 3B, 0D, D8, 08, 45, 00, 74, 10, 8B, 0D, 8C, 06, 45, 00, 85, 48, 70, 75, 05, E8, 8C, 5C, 00, 00, A1, C8, 04, 45, 00, C3, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 0C, 53, 85, C0, 74, 52, 8B, 54, 24, 08, 33, DB, 8A, 5C, 24, 0C, F7, C2, 03, 00, 00, 00, 74, 16, 8A, 0A, 83, C2, 01, 32, CB, 74, 72, 83, E8, 01, 74, 32, F7...
 

Entropy: 7.9151  (probably packed)
Code size: 252 KB (258,048 bytes)

The file installer.exe has been seen being distributed by the following URL.
