» SimpleFilesInstaller.exe
Overview
Analysis
File Details
Programs (1)

SimpleFilesInstaller.exe

SimpleFiles Installer

New Monte Inc

The file SimpleFilesInstaller.exe by New Monte Inc has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the SimpleFiles installer. This file is typically installed with the program Update Service SimpleFiles by Blisbury LLP. It is also typically executed from the user's temporary directory.

File name:

Publisher:

New Monte Inc (signed and verified)

Product:

SimpleFiles Installer

Version:

1, 0, 173, 1

MD5:

bf67345406b07c0dd2fda1af9dae1dc7

SHA-1:

b723ce687fd8c05b54f3e8b00e7a0685fbbd2fc1

SHA-256:

6f81fed58547f73582babddd64f5d4b851ab690d2aa703b525b3f2082a49037c

Scanner detections:

15 / 68

Status:

Adware

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

4/25/2024 6:03:03 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.Agent

7.1.1

Avira AntiVirus

APPL/Downloader.Gen8

7.11.206.0

avast!

Win32:PUP-gen [PUP]

150101-1

AVG

Adware BundleApp_r.AL

2014.0.4253

Dr.Web

Adware.Downware.8279

9.0.1.05190

ESET NOD32

Win32/ExpressDownloader.J potentially unwanted application

7.0.302.0

G Data

Win32.Application.Expressdownloader

15.1.25

IKARUS anti.virus

PUA.Expressdownloader

t3scan.1.8.6.0

NANO AntiVirus

Riskware.Win32.Downware.dedwnb

0.30.0.65070

Norman

Gen:Variant.Strictor.67248

03.12.2014 13:20:04

Panda Antivirus

Trj/Genetic.gen

15.01.30.12

Reason Heuristics

PUP.Installer.Blisbury

15.1.30.12

Sophos

PUA 'Go For Files'

5.09

Vba32 AntiVirus

Downloader.Agent

3.12.26.3

VIPRE Antivirus

Threat.4150696

36694

File size:

2.6 MB (2,730,584 bytes)

Product version:

1.0.0.1

Original file name:

SimpleFilesInstaller.exe

Bundler/Installer:

SimpleFiles

Language:

English

Common path:

C:\users\{user}\appdata\local\temp\nr4jzwxsps.tmp

Digital Signature

Signed by:

New Monte Inc

Authority:

DigiCert Inc

Valid from:

12/2/2013 3:00:00 AM

Valid to:

12/6/2016 3:00:00 PM

Subject:

CN=New Monte Inc, O=New Monte Inc, L=Mahe, S=Seychelles, C=SC

Issuer:

CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0EF12F8AD3F2DFB7CD5C8F46FEE59C5C

File PE Metadata

Compilation timestamp:

8/14/2014 2:02:21 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

49152:AmWCLty7/g4sSC4MADZJ0RizBTAjwcl2VM3VIW9NVvDbAu/Nsc7758II8l5kfyx:Am1LtypsZ4xDZJ0RizBew7VuIW9NVvnx

Entry address:

0x32E3D0

Entry point:

60, BE, 00, 30, 4B, 00, 8D, BE, 00, E0, F4, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Entropy:

7.7428

Packer / compiler:

UPX 2.90LZMA

Code size:

2.5 MB (2,605,056 bytes)

The file SimpleFilesInstaller.exe has been discovered within the following program.

Update Service SimpleFiles by Blisbury LLP

simple-files.com

53% remove it

Remove SimpleFilesInstaller.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.