» p0sixspwn_v1.0.8_setup.exe
Overview
Analysis
File Details
Downloads (1)

p0sixspwn_v1.0.8_setup.exe

Windfunction

This is published and distributed via an Adknowledge's advertising supported (adware) software installer. The application p0sixspwn_v1.0.8_setup.exe, “Superior Installer ” by Windfunction has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from secure.10-pn-installer.com.

File name:

Publisher:

Superior Installer (signed by Windfunction)

Product:

Superior Installer

Description:

Superior Installer

Version:

2.4.8.1

MD5:

9bd0834c9165e13e34733d2b58e0e331

SHA-1:

667646dc4ec811ff66ca6407189874fcd09fa36f

SHA-256:

b9c6cd626d2135a71a28daf95443294db99b830b2d44084fd130d157160afd76

Scanner detections:

23 / 68

Status:

Adware

Explanation:

This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/25/2024 8:30:48 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Bundler.Graftor.171872

6462052

AhnLab V3 Security

PUP/Win32.IBryte

2015.02.07

Avira AntiVirus

ADWARE/Adware.Gen7

7.11.208.88

avast!

Win32:Adware-gen [Adw]

150203-1

AVG

AdPlugin

2016.0.3206

Bitdefender

Gen:Variant.Application.Bundler.Graftor.171872

1.0.20.190

Bkav FE

W32.HfsAdware

1.3.0.6379

Comodo Security

Application.Win32.Ibryte.KS

20991

Dr.Web

Trojan.iBryte.270

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Application.Bundler.Graftor.171872

9.0.0.4799

ESET NOD32

Win32/Adware.iBryte.BX application

7.0.302.0

F-Prot

W32/S-ce322a65

v6.4.7.1.166

F-Secure

Riskware.Gen:Variant.Application.Bundler

5.13.68

G Data

Gen:Variant.Application.Bundler.Graftor.171872

15.2.25

IKARUS anti.virus

AdWare.AdPlugin

t3scan.1.8.6.0

K7 AntiVirus

Unwanted-Program

13.193.14895

MicroWorld eScan

Gen:Variant.Application.Bundler.Graftor.171872

16.0.0.114

NANO AntiVirus

Riskware.Win32.IBryte.dmjzbp

0.30.0.65070

Norman

IBryte.URL

11.20150207

Panda Antivirus

Generic Suspicious

15.02.07.02

Reason Heuristics

PUP.Installer.Adknowledge

15.2.7.2

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.3

VIPRE Antivirus

Threat.4798837

36694

File size:

560.9 KB (574,328 bytes)

Product version:

2.4.8.1

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Adknowledge Fusion

Language:

English (United States)

Common path:

C:\users\{user}\downloads\p0sixspwn_v1.0.8_setup.exe

Digital Signature

Signed by:

Windfunction

Authority:

COMODO CA Limited

Valid from:

7/15/2014 8:00:00 PM

Valid to:

7/16/2015 7:59:59 PM

Subject:

CN=Windfunction, O=Windfunction, STREET=4600 Madison Ave FL 10, L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00E543C0EBB96BD9FC190B35854E9E8371

File PE Metadata

Compilation timestamp:

1/27/2015 10:00:26 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:x0JK+9BZO9wVCzklhPJfIWdfZjMai0NqH35:xiFOW+klhPx7xjMaiSk5

Entry address:

0x251D1

Entry point:

E8, 9E, AD, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 64, 94, 44, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 78, 90, 44, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63... 
[+]

Entropy:

5.7547

Code size:

286 KB (292,864 bytes)

The file p0sixspwn_v1.0.8_setup.exe has been seen being distributed by the following URL.

http://secure.10-pn-installer.com/o/.../p0sixspwn_v1.0.8_Setup.exe

Remove p0sixspwn_v1.0.8_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.