installer.exe

ReSoft LTD.

The application installer.exe by ReSoft has been detected as adware by 14 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from cdn.goartclixfast.us and multiple other hosts.
Publisher:
ReSoft LTD.  (signed and verified)

MD5:
aa7cf0f0d1117d28b631b10f40d798e9

SHA-1:
c91c61d948518dfe6d52cb956c8706d6b595ef47

SHA-256:
c74f28b9e93adc5916f3416fb5fd9b0a1da714d4e1be891a24e4923aff266c85

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
4/19/2024 4:29:28 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Adware.Heur.@xX@g9b!kqkO | 494 |
| avast! | Win32:SmartBar-A [PUP] | 2014.9-150929 |
| AVG | | 2016.0.2972 |
| Bitdefender | Gen:Adware.Heur.@xX@g9b!kqkO | 1.0.20.1360 |
| Clam AntiVirus | Win.Trojan.Toopu-2 | 0.98/21511 |
| Dr.Web | Trojan.Siggen5.10351 | 9.0.1.0272 |
| Emsisoft Anti-Malware | Gen:Adware.Heur.@xX@g9b!kqkO | 8.15.09.29.03 |
| ESET NOD32 | Win32/Toolbar.Linkury.E potentially unwanted (variant) | 9.11244 |
| F-Secure | Gen:Adware.Heur.@xX@g9b!kqkO | 11.2015-29-09_3 |
| G Data | Gen:Adware.Heur.@xX@g9b!kqkO | 15.9.25 |
| MicroWorld eScan | Gen:Adware.Heur.@xX@g9b!kqkO | 16.0.0.816 |
| NANO AntiVirus | Trojan.Win32.Linkury.dijuvv | 0.30.0.296 |
| Reason Heuristics | PUP.Resoft.Installer (M) | 15.9.29.3 |
| VIPRE Antivirus | Adware.Linkury | 37966 |

File size:
8.8 MB (9,276,416 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\installer.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/29/2012 9:00:00 PM

Valid to:
7/30/2013 8:59:59 PM

Subject:
CN=ReSoft LTD., O=ReSoft LTD., STREET=4th Hanevi'im, L=Tel Aviv, S=Israel, PostalCode=64356, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7ABDE829D4244ADA77EE42C7A70C0FA3

File PE Metadata
Compilation timestamp:
4/2/2013 8:32:55 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:IbQi/NZ4I/HnkADU91h+RXPhuv29pb5UOCdK8lio1mMFq6Vo/:NOZiADU91h+lEv29pb25XJMMi/

Entry address:
0x27555

Entry point:
E8, 53, A3, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8D, 45, 14, 50, 6A, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 37, B1, 00, 00, 83, C4, 14, 5D, C3, E8, 25, 5F, 00, 00, 8B, 48, 6C, 3B, 0D, D8, 08, 45, 00, 74, 10, 8B, 0D, 8C, 06, 45, 00, 85, 48, 70, 75, 05, E8, E1, 5C, 00, 00, A1, C8, 04, 45, 00, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 0C, 53, 85, C0, 74, 52, 8B, 54, 24, 08, 33, DB, 8A, 5C, 24, 0C, F7, C2, 03, 00, 00, 00, 74, 16, 8A, 0A, 83, C2, 01, 32, CB, 74, 72, 83...
 

Code size:
251 KB (257,024 bytes)

The file installer.exe has been seen being distributed by the following 2 URLs.
