home

installwizard101.exe

InstallShield

KingsIsle Entertainment, Inc

The program is a setup application that uses the InstallShield Setup installer. The file has been seen being downloaded from versionec.us.wizard101.com.
Publisher:
Acresso Software Inc.  (signed by KingsIsle Entertainment, Inc)

Product:
InstallShield

Description:
Setup.exe

Version:
15.0.498

MD5:
12b0886a08322dc69c8e11eb010818d8

SHA-1:
c2307381adb6488d44656be200340c928fabcf69

SHA-256:
7210abbc7b908e9600b03c02c81d96581319f4f7b3f939674f7744a850943c28

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 10:33:27 AM UTC  (today)

File size:
11.7 MB (12,243,552 bytes)

Product version:
15.0

Copyright:
Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Installer:
InstallShield Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\installwizard101.exe

Digital Signature
Signed by:
KingsIsle Entertainment, Inc

Authority:
Thawte, Inc.

Valid from:
4/24/2014 8:00:00 PM

Valid to:
5/7/2015 7:59:59 PM

Subject:
CN="KingsIsle Entertainment, Inc", OU=WEB SERVICES, O="KingsIsle Entertainment, Inc", L=Plano, S=Texas, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6C115C863738604FEFFBC9CE617933D9

File PE Metadata
Compilation timestamp:
5/9/2008 11:39:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:05CT3T2N9+pOjAlqLVgjPcZAXa9G7Hd7icsPsk7Sv:0WLpb0gjGAK9G54Px4

Entry address:
0x21EE4

Entry point:
89, 74, 24, 48, C7, 06, 7C, 9E, 44, 00, C7, 07, 74, 9E, 44, 00, E8, 4B, 85, 00, 00, 8D, 44, 24, 60, 8D, 4C, 24, 64, F7, D8, 1B, C0, C6, 84, 24, F0, 00, 00, 00, 0C, 23, C1, 8D, 4E, 04, 50, E8, BC, 80, 00, 00, 8D, 4E, 14, C6, 84, 24, F0, 00, 00, 00, 0D, E8, 0C, 85, 00, 00, 6A, 00, 8B, CF, C6, 84, 24, F4, 00, 00, 00, 0E, E8, 3B, 85, 00, 00, 8B, 8C, 24, F8, 00, 00, 00, 88, 9C, 24, F0, 00, 00, 00, E8, 08, 0F, 00, 00, 8B, F0, 85, F6, 75, 65, 8D, 44, 24, 38, 8D, 54, 24, 58, F7, D8, 1B, C0, C7, 84, 24, C8, 00, 00...
 
[+]

Entropy:
7.5390

Code size:
288 KB (294,912 bytes)

The file installwizard101.exe has been seen being distributed by the following URL.

http://versionec.us.wizard101.com/InstallWizard101.exe

Scan installwizard101.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.