» installer.exe
Overview
Analysis
File Details
Downloads (1)

installer.exe

Linkury

This is part of the Linkury monetization software, a web browser toolbar used to 'hijack' a user's search in order to collect revenues. The application installer.exe by Linkury has been detected as adware by 15 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from gogeneral.blob.core.windows.net.

File name:

installer.exe

Publisher:

Linkury (signed and verified)

MD5:

b958114d97202ada815f3580f5c09348

SHA-1:

c3e2eea43263cc610aa91f562ece2b1562012bca

SHA-256:

0b7b189d1e50350087c142a730586950eddf08dd3dc4b46b0c8b287433a696fc

Scanner detections:

15 / 68

Status:

Adware

Analysis date:

5/11/2024 2:42:51 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Linkury.B

960

Agnitum Outpost

PUA.Toolbar.Linkury

7.1.1

avast!

Win32:Adware-gen [Adw]

2014.9-140619

Bitdefender

Adware.Linkury.B

1.0.20.850

Dr.Web

Adware.Linkury.3

9.0.1.0170

Emsisoft Anti-Malware

Adware.Linkury

8.14.06.19.03

ESET NOD32

Win32/Toolbar.Linkury (variant)

8.9962

Fortinet FortiGate

Riskware/Toolbar_Linkury

6/19/2014

G Data

Adware.Linkury

14.6.24

McAfee

Artemis!B958114D9720

5600.7094

MicroWorld eScan

Adware.Linkury.B

15.0.0.510

Panda Antivirus

PUP/LinkUry

14.06.19.03

Reason Heuristics

PUP.Linkury.J

14.8.7.19

Trend Micro House Call

Suspicious_GEN.F47V0612

7.2.170

VIPRE Antivirus

Adware.Linkury

30416

File size:

10.5 MB (11,016,472 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\software\installer.exe

Digital Signature

Signed by:

Linkury

Authority:

VeriSign, Inc.

Valid from:

4/12/2012 1:00:00 AM

Valid to:

5/12/2015 12:59:59 AM

Subject:

CN=Linkury, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Linkury, L=Ramat Gan, S=Israel, C=IL

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

77A9B89A06B99100955A838E8BB46FF8

File PE Metadata

Compilation timestamp:

6/11/2014 1:30:01 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

196608:sK82iCoHPfYGBXIBnNGYldcANGeJX80A+ShiiRT0fkAPxJf6u:fovfYGRZYT5jJG+UiPPJf

Entry address:

0x30596

Entry point:

E8, 1E, AC, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 75, 1D, E8, FA, 1C, 00, 00, 83, 20, 00, E8, DF, 1C, 00, 00, C7, 00, 16, 00, 00, 00, E8, D8, 3F, 00, 00, 83, C8, FF, 5D, C3, FF, 75, 08, FF, 15, 8C, 80, 44, 00, 83, F8, FF, 75, 0F, FF, 15, D4, 80, 44, 00, 50, E8, DB, 1C, 00, 00, 59, EB, DE, F6, 45, 0C, 80, 74, 05, 83, E0, FE, EB, 03, 83, C8, 01, 50, FF, 75, 08, FF, 15, 6C, 81, 44, 00, 85, C0, 74, D5, 33, C0, 5D, C3, 6A, 0C, 68, 20, 29, 45, 00, E8, 9F, 82, 00, 00, 33, C0, 33, F6, 39... 
[+]

Entropy:

7.9324 (probably packed)

Code size:

284 KB (290,816 bytes)

The file installer.exe has been seen being distributed by the following URL.

http://gogeneral.blob.core.windows.net/.../Installer.exe

Remove installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.