music.exe

InstallIQ Installation Utility

W3i, LLC

The InstallIQ (InstallX) installation program is a co-bundle stub that delivers software monetization offers during installation. These offers include web browser toolbars and extensions. The application music.exe by W3i has been detected as adware by 18 anti-malware scanners. The file has been observed being downloaded from dl2.iq5download.com.
Publisher:
W3i, LLC  (signed and verified)

Product:
InstallIQ Installation Utility

Version:
2.102.0.0

MD5:
a3bbe52bb79ca519f043b3790d284a81

SHA-1:
7e81b03f7545bd400f432e469bedd6e5e7f0d51d

SHA-256:
115e2b103b5f985c04341f3e31034f300ff0c4d1e6094fb6558a2b7107a7e926

Scanner detections:
18 / 68

Status:
Adware

Explanation:
InstallIQ is a bundled-offer download and install manager designed to show sponsored offers during installation. These offers typically include adware-type toolbars, browser extensions, plugins or other potentially unwanted software alongside the promised application.

Analysis date:
9/21/2018 11:01:54 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | APPL/InstallIQ.Gen5 | 7.11.152.210 |
| avast! | Malware-gen | 2014.9-151006 |
| AVG | Adware InstallIQ.R | 2016.0.3012 |
| Dr.Web | Adware.W3i.9 | 9.0.1.0231 |
| eSafe | Win32.Trojan | 7.0.17.0 |
| ESET NOD32 | Win32/InstallIQ.A potentially unwanted application | 9.7.0.302.0 |
| Fortinet FortiGate | Adware/InstallIQ | 8/19/2015 |
| herdProtect (fuzzy) | | 2015.10.6.21 |
| K7 AntiVirus | Unwanted-Program | 13.178.12292 |
| K7 Gateway Antivirus | Unwanted-Program | 13.178.12292 |
| Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.1316 |
| Malwarebytes | PUP.Optional.InstallIQ.A | v2015.08.19.07 |
| McAfee | Artemis!A3BBE52BB79C | 5600.6668 |
| McAfee Web Gateway | Artemis!A3BBE52BB79C | 7.6668 |
| Reason Heuristics | PUP.InstallX.W3i.Installer (M) | 15.8.19.19 |
| Sophos | InstallIQ | 4.70 |
| Trend Micro House Call | TROJ_INSTALLIQ_0000000.TOMA | 7.2.231 |
| VIPRE Antivirus | Threat.4150696 | 38882 |

File size:
1.5 MB (1,614,528 bytes)

Product version:
2.102.0.0

Copyright:
Copyright ©2011 W3i Holdings, LLC. All rights reserved.

Original file name:
InstallIQ.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/18/2011 5:00:00 PM

Valid to:
7/1/2013 4:59:59 PM

Subject:
CN="W3i, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="W3i, LLC", L=Sartell, S=Minnesota, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6A5D73F262C38BBD4578AB6AD713318D

File PE Metadata
Compilation timestamp:
10/11/2011 5:21:21 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:TBfONcUnsKjY1CMVd8uI//mGonq9TDGrU:TQK2EdnIGGD

Entry address:
0x41B54

Entry point:
E8, 9A, 9E, 00, 00, E9, 78, FE, FF, FF, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C, 24, 04...

Entropy:
6.9909

Code size:
938.5 KB (961,024 bytes)

The file music.exe has been seen being distributed by the following URL.
