home

maps.exe

SOFTWARE INSTALLER

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application maps.exe, “Fusion Install ” by SOFTWARE INSTALLER has been detected as adware by 36 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from 735322.gosecureinstall.com.
Publisher:
Fusion Install   (signed by SOFTWARE INSTALLER)

Product:
Fusion Install

Description:
Fusion Install

Version:
2.4.8.1

MD5:
167011e7f064c6066e76e90471206348

SHA-1:
592a9048702d32a67267965f74c34d964a07852a

SHA-256:
a4bd5ec847a4df8e5c0f3ce931f143b754614cb661af8da5021c3e5ae3d9f993

Scanner detections:
36 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/23/2024 9:17:10 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.OptimumInstaller.3
364

Agnitum Outpost
PUA.Downloader
7.1.1

AhnLab V3 Security
PUP/Win32.OptimumInstaller
2015.03.14

Avira AntiVirus
Adware/iBryte.bxor
7.11.217.16

avast!
Win32:IBryte-DB [PUP]
2014.9-160205

AVG
Adware AdPlugin
2017.0.2842

Bitdefender
Gen:Variant.Application.Bundler.OptimumInstaller.3
1.0.20.180

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.Ibryte-265
0.98/20188

Comodo Security
ApplicUnwnt
18016

Dr.Web
Trojan.Packed.27099
9.0.1.036

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.OptimumInstaller
8.16.02.05.09

ESET NOD32
Win32/AdWare.iBryte.AE application
10.7.0.302.0

Fortinet FortiGate
Riskware/Generic.AC.2238381
2/5/2016

F-Prot
W32/A-3500492f
v6.4.7.1.166

F-Secure
Riskware.Gen:Variant.Application.Bundler
11.2016-05-02_6

G Data
Gen:Variant.Application.Bundler.OptimumInstaller
16.2.25

IKARUS anti.virus
AdWare.AdPlugin
t3scan.1.8.6.0

K7 AntiVirus
Unwanted-Program
13.176.11595

Kaspersky
not-a-virus:Downloader.Win32.Agent
14.0.0.706

Malwarebytes
PUP.Optional.OptimumInstaller.A
v2016.02.05.09

McAfee
Artemis!9F3D6B19E1FF
5600.6498

MicroWorld eScan
Gen:Variant.Application.Bundler.OptimumInstaller.3
17.0.0.108

NANO AntiVirus
Trojan.Win32.Downware.cukphe
0.28.0.58720

Norman
Downloader
11.20160205

nProtect
Trojan/W32.Badur.225584
15.03.13.01

Panda Antivirus
Trj/Genetic.gen
16.02.05.09

Qihoo 360 Security
Malware.QVM10.Gen
1.0.0.1015

Quick Heal
Adware.iBryte.DK4
2.16.14.00

Reason Heuristics
PUP.Adknowledge.SOFTWAREINSTALLER.Installer (M)
16.2.5.21

Rising Antivirus
PE:Malware.iBryte!6.197B
23.00.65.16203

Sophos
iBryte Optimum Installer
4.98

Trend Micro House Call
TROJ_GEN.F47V0310
7.2.36

Vba32 AntiVirus
AdWare.iBryte
3.12.26.3

VIPRE Antivirus
Threat.4778314
38050

Zillya! Antivirus
Adware.iBryte.Win32.1019
2.0.0.2098

File size:
221.3 KB (226,608 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) 2013 Fusion Install

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\maps.exe

Digital Signature
Signed by:
SOFTWARE INSTALLER

Authority:
VeriSign, Inc.

Valid from:
10/3/2013 8:00:00 PM

Valid to:
9/20/2014 7:59:59 PM

Subject:
CN=SOFTWARE INSTALLER, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SOFTWARE INSTALLER, L=Kansas City, S=Missouri, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
652F70E683E058123B6C29E79760D2E0

File PE Metadata
Compilation timestamp:
6/8/2014 5:00:18 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:8xq4MOxfucEcfCHE7KeSIbMdpJiBON1P9kOzqG5NFpu55X9:D4jWH6CHgMM8yOFpu5p9

Entry address:
0xF5D7

Entry point:
E8, 30, 53, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 44, 82, 42, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 38, 80, 42, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63...
 
[+]

Entropy:
6.3593

Code size:
154.5 KB (158,208 bytes)

The file maps.exe has been seen being distributed by the following URL.

http://735322.gosecureinstall.com/o/.../Maps.exe

Remove maps.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.