installer_intel_widi_remote_1_0_0_french.exe

Free Software LLC

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application installer_intel_widi_remote_1_0_0_french.exe by Free Software has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the installCore installer.
Publisher:
Free Software LLC  (signed and verified)

MD5:
c496f7432e3609e2360b2727e31c0b99

SHA-1:
e95fbf651951b7292d8bfe562b33a13502d29dbd

SHA-256:
83a7a14a0e49dee49c3e888033db31f928138dee21d6488d207a5a6e776b01ae

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 2:42:50 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | Adware/InstaCore.onb | 7.11.169.232 |
| AVG | Adware BundleApp_r.Z | 2014.0.4015 |
| Comodo Security | TrojWare.Win32.Agent.IEXT | 19348 |
| Dr.Web | Trojan.DownLoader11.20646 | 9.0.1.05190 |
| ESET NOD32 | Win32/Vittalia.Q potentially unwanted application | 7.0.302.0 |
| IKARUS anti.virus | PUA.Vittalia | t3scan.1.7.5.0 |
| Malwarebytes | PUP.Optional.Vittalia | v2014.08.29.03 |
| McAfee | CryptVittalia | 5600.7024 |
| Norman | Vittalia.AXXN | 11.20140829 |
| Reason Heuristics | PUP.FreeSoftware.i | 14.8.31.0 |
| VIPRE Antivirus | Threat.4782551 | 32210 |
| Zillya! Antivirus | Trojan.Black.Win32.17248 | 2.0.0.1905 |

File size:
5.2 MB (5,501,936 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\users\{user}\downloads\installer_intel_widi_remote_1_0_0_french.exe

Digital Signature
Authority:
Starfield Technologies, Inc.

Valid from:
8/1/2014 12:08:01 PM

Valid to:
7/22/2015 1:23:49 PM

Subject:
CN=Free Software LLC, O=Free Software LLC, L=Wilmington, S=Delaware, C=US

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27DD6AADCC34E6

File PE Metadata
Compilation timestamp:
7/8/2014 11:25:50 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:0s70+WNI4PgGe9W1etEmbMP/C6iMPebOLITiUlKlta445h32p0QWw24FvMUb47z4:00k

Entry address:
0x1C0BB

Entry point:
E8, B7, 9D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, D5, 43, 00, E8, 6F, 41, 00, 00, E8, 60, 37, 00, 00, 0F, B7, F0, 6A, 02, E8, 4A, 9D, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 48, 68, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
192.5 KB (197,120 bytes)
