» installer_internet_download_manager_6_21_build_15_french.exe
Overview
Analysis
File Details
Downloads (1)

installer_internet_download_manager_6_21_build_15_french.exe

Sanflex

This is the Tightrope WebInstall which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application installer_internet_download_manager_6_21_build_15_french.exe by Sanflex has been detected as adware by 25 anti-malware scanners. The program is a setup application that uses the Tightrope WebInstall installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.

File name:

Publisher:

Sanflex (signed and verified)

MD5:

6000bf59df7731373154558f4f5fd0cb

SHA-1:

6f36ca2f81c492a4cff0b21ac4477e70215a9427

SHA-256:

28a7ca9bc67638b09572a2621e7f99305e99804b25d94b9ade4c424e13b6c7ea

Scanner detections:

25 / 68

Status:

Adware

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

4/25/2024 11:17:23 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Bundler.KJ

5807185

Agnitum Outpost

Riskware.Agent

7.1.1

AhnLab V3 Security

PUP/Win32.Downware

2015.05.12

Avira AntiVirus

ADWARE/Adware.Gen

7.11.30.172

avast!

Win32:DownloadAdmin-B [PUP]

150319-1

AVG

Generic

2016.0.3112

Bitdefender

Application.Bundler.KJ

1.0.20.660

Bkav FE

W32.HfsAdware

1.3.0.6379

Clam AntiVirus

Win.Adware.Downloadadmin

0.98/21511

Comodo Security

Application.Win32.DownloadAdmin.ANGL

22090

Dr.Web

Adware.Downware.2220

9.0.1.0132

Emsisoft Anti-Malware

Application.Bundler.KJ

10.0.0.5366

ESET NOD32

Win32/DownloadAdmin.H potentially unwanted application

9.7.0.302.0

F-Prot

W32/S-518b5669

v6.4.7.1.166

F-Secure

Adware:W32/WebInstallBundle

11.2015-12-05_3

G Data

Application.Bundler.KJ

15.5.25

herdProtect (fuzzy)

variant of opera-setup.exe (Adware)

2015.8.9.9

K7 AntiVirus

Unwanted-Program

13.185.14098

Malwarebytes

PUP.Optional.DownloadAdmin

v2015.05.12.11

MicroWorld eScan

Application.Bundler.KJ

16.0.0.396

NANO AntiVirus

Riskware.Win32.Downware.djahkt

0.28.6.63474

Reason Heuristics

Threat.Tightrope.Installer

15.5.12.7

Total Defense

Win32/Tnega.IQCCUAC

37.1.62.1

Vba32 AntiVirus

Downloader.Agent

3.12.26.3

VIPRE Antivirus

Threat.4783369

35010

File size:

822.6 KB (842,344 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Tightrope WebInstall (using Nullsoft Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\installer_internet_download_manager_6_21_build_15_french.exe

Digital Signature

Signed by:

Sanflex

Authority:

VeriSign, Inc.

Valid from:

7/22/2014 2:00:00 AM

Valid to:

7/22/2017 1:59:59 AM

Subject:

CN=Sanflex, O=Sanflex, L=SAN FRANCISCO, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

42D7699269B5BB95341F5DA022F6E57D

File PE Metadata

Compilation timestamp:

7/15/2014 6:29:31 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:wxpJfslZtuaVd9lpmhwQbift489IVGD4xJFl6Xqb5Kbmkg8S3:0p9sVuaVdvgVbmgGDijyikg53

Entry address:

0x3345

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, B0, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, C0, 70, 40, 00, 53, FF, 15, 88, 72, 40, 00, 6A, 08, A3, B8, 3C, 42, 00, E8, 2E, 25, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 3B, 42, 00, 8D, 44, 24, 38, 50, 53, 68, 43, 74, 40, 00, FF, 15, 64, 71, 40, 00, 68, 38, 74, 40, 00, 68, C0, 33, 42, 00, E8, 1F, 24, 00, 00, FF, 15, BC, 70, 40, 00, 50, BF, 00, 90, 42, 00, 57, E8, 0D, 24, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The file installer_internet_download_manager_6_21_build_15_french.exe has been seen being distributed by the following URL.

http://french.eazel.com/lv/software/downloadf/.../Internet_Download_Manager.htm

Remove installer_internet_download_manager_6_21_build_15_french.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.