» linksicle-setup-1.8.2.0.exe
Overview
Analysis
File Details
Downloads (3)

linksicle-setup-1.8.2.0.exe

Linksicle

This is part of the InfoAtoms browser extension which will display variopus forms of advertising in the web browser by injecting new ads such as banner, text-links and search results. The application linksicle-setup-1.8.2.0.exe by Linksicle has been detected as adware by 22 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from cdn.airdlr9.com and multiple other hosts.

File name:

Publisher:

Linksicle (signed and verified)

Product:

Linksicle

Description:

Linksicle Setup

Version:

1.8.2.0

MD5:

5a02633ccd7884b65e4448a53fabf5a5

SHA-1:

f5e06e8ee08ecd7fdf6c0b13e8f1eb6dcbf2b799

SHA-256:

71915f920439b5655de8cb2b3ad4ae8ffc5f027aa57012afb75c9b674ba4e9db

Scanner detections:

22 / 68

Status:

Adware

Analysis date:

4/18/2024 11:31:00 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.AdPage.A

1149

Avira AntiVirus

Adware/AdPage.A.2

7.11.145.130

AVG

Generic5

2014.0.3627

Bitdefender

Adware.AdPage.A

1.0.20.1630

Bkav FE

W32.Clode3c.Trojan

1.3.0.4613

Comodo Security

ApplicUnwnt

18179

Dr.Web

Adware.Plugin.101

9.0.1.0346

Emsisoft Anti-Malware

Adware.AdPage

8.13.11.22.08

ESET NOD32

Win32/AdWare.Vitruvian (variant)

7.9190

Fortinet FortiGate

Riskware/Vitruvian

12/12/2013

F-Secure

Adware.AdPage.A

11.2013-22-11_6

G Data

Adware.AdPage

13.11.22

IKARUS anti.virus

AdWare.AdPage

t3scan.2.2.29

Malwarebytes

PUP.Optional.Linksicle

v2013.11.22.08

McAfee

Artemis!5A02633CCD78

5600.7283

MicroWorld eScan

Adware.AdPage.A

14.0.0.978

NANO AntiVirus

Trojan.Win32.Plugin.csnynj

0.28.0.59492

nProtect

Adware.AdPage.A

13.12.29.01

Qihoo 360 Security

Win32/Virus.Adware.787

1.0.0.1015

Reason Heuristics

PUP.Installer.Linksicle.U

14.8.7.20

Trend Micro House Call

TROJ_GEN.F47V1213

7.2.326

VIPRE Antivirus

Trojan.Win32.Generic

24868

File size:

1.5 MB (1,579,616 bytes)

Product version:

1.8.2.0

Original file name:

linksicle-setup.exe

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\linksicle-setup-1.8.2.0.exe

Digital Signature

Signed by:

Linksicle

Authority:

GlobalSign nv-sa

Valid from:

5/15/2013 7:59:47 AM

Valid to:

5/16/2014 7:59:47 AM

Subject:

E=support@linksicle.com, CN=Linksicle, O=Linksicle, C=US

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11212949C7E0DD2DAE02FDADCB01A5928F0B

File PE Metadata

Compilation timestamp:

12/5/2009 2:52:06 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:8sj1UKIMoY7b0VIe8kX5XL1LUutO+COJx:8sj1UKIMoY7OB0qJx

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Entropy:

7.9290

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The file linksicle-setup-1.8.2.0.exe has been seen being distributed by the following 3 URLs.

http://cdn.airdlr9.com/downloads/offers/.../linksicle-setup-1.8.2.0.exe

http://d3d6wi7c7pa6m0.cloudfront.net/bundles/.../linksicle-setup-1.8.2.0.exe

http://cdninst.com/offers/.../LessTabs.exe

Remove linksicle-setup-1.8.2.0.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.