mediaclassic.exe

InstallIQ

InstallX, LLC

The InstallIQ (InstallX) installation program is a co-bundle stub that delivers software monetization offers during installation. These offers include web browser toolbars and extensions. The application mediaclassic.exe, “InstallIQ Installation Utility” by InstallX, has been detected as adware by 28 anti-malware scanners. The program is a setup application that uses the InstallIQ Installation Manager installer.
Publisher:
InstallX, LLC (signed and verified)

Product:
InstallIQ

Description:
InstallIQ Installation Utility

Version:
1.0.23.0

MD5:
1f60a7b2005f8f54cc87b9815e4ec0f9

SHA-1:
abe4f7a61dc8940f8428efc63fe780e445417749

SHA-256:
00c07825d469266168df8f0d648298e48b4bc490c1c7f935f1a0eae03432eec2

Scanner detections:
28 / 68

Status:
Adware

Explanation:
InstallIQ is a bundled-offer download and install manager designed to show sponsored offers during installation. These offers typically include adware-type toolbars, browser extensions, plugins or other potentially unwanted software along with the promised application.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/19/2024 9:59:46 AM UTC

Scan engine | Detection | Engine version
AegisLab AV Signature | Hoax.W32.ArchSMS | 2.1.4+
Agnitum Outpost | Riskware.Agent | 7.1.1
AhnLab V3 Security | PUP/Win32.Installiq | 2014.02.01
Avira AntiVirus | APPL/InstallIQ.lam.1 | 7.11.117.248
avast! | Win32:Adware-gen [Adw] | 2014.9-160211
AVG | MultiBundle | 2017.0.2837
Bkav FE | W32.HfsAdware | 1.3.0.6379
Comodo Security | Application.Win32.InstallIQ.B | 20922
Dr.Web | Adware.Downware.2512 | 9.0.1.042
Emsisoft Anti-Malware | Win32.Expiro.BV | 8.16.02.11.10
ESET NOD32 | Win32/InstallIQ.A potentially unwanted (variant) | 10.11106
G Data | Win32.Application.InstallIQ | 16.2.25
IKARUS anti.virus | AdWare.MultiBundle | t3scan.1.8.6.0
K7 AntiVirus | Unwanted-Program | 13.193.14824
Kaspersky | not-a-virus:Downloader.NSIS.Agent | 14.0.0.678
Malwarebytes | PUP.Optional.InstallIQ | v2016.02.11.10
McAfee | Artemis!710D127CD5C5 | 5600.6493
NANO AntiVirus | Riskware.Win32.Searcher.csnymk | 0.30.0.65070
Quick Heal | Downloader.NSIS.g1a (Not a Virus) | 2.16.14.00
Reason Heuristics | PUP.InstallX.Installer (M) | 16.2.11.10
Rising Antivirus | PE:PUF.InstallIQ!1.9E4F | 23.00.65.16209
Sophos | InstallQ | 4.98
Total Defense | Win32/Tnega.eKHcQJB | 37.0.11415
Trend Micro House Call | TROJ_GEN.R0CBC0OK914 | 7.2.42
Trend Micro | TROJ_GEN.R0CBC0OK914 | 10.465.11
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3
VIPRE Antivirus | InstallIQ Installer | 37160
Zillya! Antivirus | Downloader.Agent.Win32.202248 | 2.0.0.2050

File size:
1.5 MB (1,604,688 bytes)

Product version:
1.0.23.0

Copyright:
Copyright (C) 2013

Original file name:
installer.vi.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallIQ Installation Manager

Language:
English (United States)

Common path:
C:\users\{user}\downloads\mediaclassic.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
9/2/2013 7:00:00 PM

Valid to:
9/8/2014 7:00:00 AM

Subject:
CN="InstallX, LLC", O="InstallX, LLC", L=Sartell, S=Minnesota, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
071B864F59B4A7393276E57C53092BA6

File PE Metadata
Compilation timestamp:
12/5/2013 3:45:27 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:tTsoAr6DaXGkI/XtQEqyR+TMTjL4WGcIs:TA4k2Q7yRH4Xs

Entry address:
0x47D3D

Entry point:
E8, F0, 3A, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 78, 5B, 51, 00, E8, 2D, 2B, 00, 00, E8, BD, 3C, 00, 00, 0F, B7, F0, 6A, 02, E8, 83, 3A, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 64, 34, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
6.9514

Code size:
921 KB (943,104 bytes)
