safesaver.exe
Moshe Caspi
This program bundles adware during the download and install process using the InstaleRex pay-per-install app monetizer. The application safesaver.exe, “Installer for StarApp” by Moshe Caspi has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the WebPick InstalleRex (Tarma) installer. The setup program uses Web-Pick's InstalleRex download manager and installer to bundle potentially unwanted ad-supported software which includes toolbars and browser extensions through a pay-per-install monetization scheme.
Publisher:
StarApp (signed by Moshe Caspi)
Description:
Installer for StarApp
MD5:
9905ec73339cd8075106e10e1fd5600d
SHA-1:
434ed92a647ac8d468547777e0c72592384c17a2
SHA-256:
2119b1c8bfdc26f049adab7f83c0604efc7fdb5dcebb34ffa27dd01bd29d141a
Scanner detections:
9 / 68
Explanation:
Uses the InstalleRex from WebPick Internet Holdings to install bundled add-ons including toolbars and other web browser extensions.
Analysis date:
3/29/2024 5:59:38 AM UTC (today)
Scan engine
Detection
Engine version
Avira AntiVirus
ADWARE/InstallRex.Gen
7.11.90.246
avast!
Win32:Downloader-TBH [Adw]
2014.9-130717
AVG
AdInstaller.P
2014.0.3501
Boost by Reason
Trojan.Adw.MosheCaspi.9
2013.7.17.17
Dr.Web
Adware.Downware.1166
9.0.1.0198
ESET NOD32
Win32/InstalleRex
7.8579
Reason Heuristics
Adware.WebPick.Installer.J
14.8.7.17
VIPRE Antivirus
Artua Vladislav
19664
File size:
290.6 KB (297,616 bytes)
Copyright:
Copyright © 2012 StarApp
Original file name:
TSULoader.exe
File type:
Executable application (Win32 EXE)
Installer:
WebPick InstalleRex (Tarma)
Language:
Language Neutral
Common path:
C:\users\{user}\downloads\safesaver.exe
Authority:
COMODO CA Limited
Valid from:
8/1/2012 8:00:00 PM
Valid to:
8/2/2013 7:59:59 PM
Subject:
CN=Moshe Caspi, O=Moshe Caspi, STREET=Hashuk 39, L=Tel Aviv, S=Israel, PostalCode=66067, C=IL
Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Serial number:
00B1B859272556EC39AF8F0E4A626C2ADC
Compilation timestamp:
3/12/2013 4:51:45 AM
Code size:
7.5 KB (7,680 bytes)
The file safesaver.exe has been seen being distributed by the following URL.
The executing file has been seen to make the following network communications in live environments.
http://c1.stylezip.info/?step_id=1&installer_id=1316&publisher_id=316&source_id=0&page_id=0&country_code=US&locale=US&browser_id=4&download_id=3948&external_id=0&session_id=7896&hardware_id=9212&installer_file_name=safesaver