» PreInstallChecker.exe
Overview
Analysis
File Details
Downloads (1)

PreInstallChecker.exe

PreInstallChecker

Adknowledge

This is published and distributed via an Adknowledge's advertising supported (adware) software installer. The application PreInstallChecker.exe has been detected as adware by 2 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer, however the file is not signed with an authenticode signature from a trusted source. During install, it bundles potentially unwanted software on a user's computer at the same time without adequate consent. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from install.browsersafeguard.com.

File name:

Publisher:

Adknowledge

Product:

PreInstallChecker

Version:

1.0.0.0

MD5:

05094026d30c2d9d05905923d3650f9a

SHA-1:

ec9b3f1ee11871063d6e8578d42e0971eb578ece

SHA-256:

88c193188d3778cf4e25d056fbb997861ef33c219bac7bbfe2b326511316cc23

Scanner detections:

2 / 68

Status:

Adware

Explanation:

May bundle additional potentially unwanted software such as adware during setup.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/19/2024 8:40:14 PM UTC (today)

Scan engine

Detection

Engine version

Malwarebytes

PUP.Optional.BundleInstaller.A

v2014.02.17.06

Reason Heuristics

PUP.Adknowledge.R

14.2.17.6

File size:

14.5 KB (14,848 bytes)

Product version:

1.0.0.0

Original file name:

PreInstallChecker.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Adknowledge Fusion

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\preinstallchecker.exe

File PE Metadata

Compilation timestamp:

8/21/2013 1:37:15 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

384:hx5gpMjgr9iCxFvwHwkhi+1M0Z5aH1YAETeXetOA5aHV:hxypMjgr95xFIHwkJ4EyXLA5aHV

Entry address:

0x4FDE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 68, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

5.3261

Code size:

12 KB (12,288 bytes)

The file PreInstallChecker.exe has been seen being distributed by the following URL.

http://install.browsersafeguard.com/.../preinstallchecker.exe

Remove PreInstallChecker.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.