» pidgin.exe
Overview
Analysis
File Details
Downloads (1)

pidgin.exe

SafeInstaller

InstallX, LLC

This is the InstallX/InstallIQ download manager and installer that will bundle offers during setup for additional PUPs and other unwanted software. The application pidgin.exe by InstallX has been detected as adware by 35 anti-malware scanners. The program is a setup application that uses the InstallIQ Installation Manager installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from 1-vinstaller.com.

File name:

pidgin.exe

Publisher:

SafeInstall, LLC (signed by InstallX, LLC)

Product:

SafeInstaller

Description:

Safe Installer

Version:

1.0.62.0

MD5:

ed2fc527dc083d778e849b8f930c44b5

SHA-1:

9bdba1ffa8fe17a56aba863862fb7314177d8f00

Scanner detections:

35 / 68

Status:

Adware

Explanation:

Uses the InstallIQ (by InstallX) software bundler that may include toolbars and other browser extensions offers.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/25/2024 5:12:32 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Bundler.CM

413

AhnLab V3 Security

PUP/Win32.SafeInstaller

2015.01.17

Avira AntiVirus

APPL/InstallIQ.Gen4

7.11.202.226

avast!

Adware-gen [Adw]

2014.9-151218

AVG

Generic

2016.0.2891

Baidu Antivirus

Adware.Win32.InstallIQ

4.0.3.151218

Bitdefender

Gen:Variant.Application.Bundler.Graftor.155902

1.0.20.1760

Bkav FE

W32.HfsAdware

1.3.0.6379

Comodo Security

Application.Win32.InstallIQ.B

20767

Dr.Web

Adware.Downware.9508

9.0.1.0352

Emsisoft Anti-Malware

Application.Bundler.CM

8.15.12.18.01

ESET NOD32

Win32/InstallIQ.A potentially unwanted application

9.7.0.302.0

Fortinet FortiGate

Riskware/Agent

12/18/2015

F-Prot

W32/InstallIQ.A.gen

v6.4.7.1.166

F-Secure

Riskware.Application.Bundler.CM

11.2015-18-12_6

G Data

Win32.Application.InstallIQ

15.12.24

IKARUS anti.virus

PUA.InstallIQ

t3scan.1.7.8.0

K7 AntiVirus

Unwanted-Program

13.191.14686

Kaspersky

not-a-virus:Downloader.NSIS.Agent

14.0.0.952

Malwarebytes

PUP.Optional.SafeInstall.A

v2015.12.18.01

McAfee

Program.PUP-FPB

5600.6547

MicroWorld eScan

Gen:Variant.Application.Bundler.Graftor.155902

16.0.0.1056

NANO AntiVirus

Riskware.Win32.Searcher.csnymk

0.30.0.64448

Norman

Application.Bundler.CM

11.20151218

Panda Antivirus

Trj/Genetic.gen

15.12.18.01

Qihoo 360 Security

Win32/Application.ab7

1.0.0.1015

Quick Heal

Downloader.NSIS.g1c (Not a Virus)

12.15.14.00

Reason Heuristics

PUP.InstallX.SafeInstall.Installer (M)

15.12.18.13

Rising Antivirus

PE:Trojan.Win32.Generic.174C4940!390875456

23.00.65.151216

Sophos

InstallQ

4.98

Trend Micro House Call

TROJ_DOWNLOADER_DL090003.UVPA

7.2.352

Trend Micro

TROJ_DOWNLOADER_DL090003.UVPA

10.465.18

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.3

VIPRE Antivirus

InstallIQ Installer

36788

Zillya! Antivirus

Downloader.Agent.Win32.221392

2.0.0.1926

File size:

1.9 MB (1,986,072 bytes)

Product version:

1.0.62.0

Original file name:

safeinstall.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

InstallIQ Installation Manager

Language:

English (United States)

Common path:

C:\Documents and Settings\{user}\My documents\my pictures\pidgin.exe

Digital Signature

Signed by:

InstallX, LLC

Authority:

DigiCert Inc

Valid from:

3/20/2014 8:00:00 PM

Valid to:

4/8/2015 8:00:00 AM

Subject:

CN="InstallX, LLC", O="InstallX, LLC", L=Sartell, S=Minnesota, C=US

Issuer:

CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0F4D188192318D28510FC886CBB855E6

File PE Metadata

Compilation timestamp:

9/29/2014 11:55:07 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:MhJZ3Jg3RxxQ4lnr8WE6BmdRYK8nIvk4Iym8S16YdTd6cbxC61YSx0VYhN5TOO5a:uBWE6uqIvAyJYb6c061BhNT/wTjVXMa

Entry address:

0x5AB6A

Entry point:

E8, E3, 3B, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, B0, 54, 00, E8, 20, 2C, 00, 00, E8, B0, 3D, 00, 00, 0F, B7, F0, 6A, 02, E8, 76, 3B, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 57, 35, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

7.0481

Code size:

1.1 MB (1,116,672 bytes)

The file pidgin.exe has been seen being distributed by the following URL.

http://1-vinstaller.com/.../download?accountid=13230&shortname=pidgin&campaignname=pdg

Remove pidgin.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.