setup.exef08aa4e8

TODO:

iBryte

This adware bundler is distributed through Adknowledge's advertising-supported software managers. The file setup.exef08aa4e8, “iBryte” by iBryte, has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars.
Publisher:
iBryte  (signed and verified)

Product:
TODO: <Product name>

Description:
iBryte

Version:
1.0.0.1

MD5:
39213a8065d58c703326441312490963

SHA-1:
99fde92bfef6f8a1493d8aaffd485467997f3e39

SHA-256:
d42103fdfa7e388d0f20921ae22dd9a9673956bb1d64a6644e7803567b5b68f6

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/24/2024 2:40:19 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.50602 | 5832705 |
| AhnLab V3 Security | Adware/Win32.IBryte | 2014.11.25 |
| Bitdefender | Gen:Variant.Adware.Graftor.50602 | 1.0.20.1640 |
| Comodo Security | Application.Win32.AgentCV.HWYE | 20185 |
| Dr.Web | Adware.iBryte.1 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.50602 | 9.0.0.4570 |
| ESET NOD32 | Win32/Adware.iBryte.E application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/IBryte | 11/24/2014 |
| F-Prot | W32/Ibryte.A.gen | 4.6.5.141 |
| F-Secure | Gen:Variant.Adware.Graftor.50602 | 11.2014-24-11_2 |
| G Data | Gen:Variant.Adware.Graftor.50602 | 14.11.24 |
| Malwarebytes | | v2014.11.24.04 |
| McAfee | Adware-OpenCandy.dll | 5600.6936 |
| MicroWorld eScan | Gen:Variant.Adware.Graftor.50602 | 15.0.0.984 |
| Reason Heuristics | PUP.Installer.iBryte.N | 14.11.24.15 |
| Sophos | OpenCandy | 4.98 |
| Trend Micro House Call | ADW_OPENCANDY | 7.2.328 |
| Trend Micro | ADW_OPENCANDY | 10.465.24 |
| VIPRE Antivirus | Threat.4745967 | 35088 |

File size:
1.3 MB (1,330,864 bytes)

Product version:
1.0.0.1

Original file name:
Setup.exe

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exef08aa4e8

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/16/2010 8:00:00 PM

Valid to:
6/16/2012 7:59:59 PM

Subject:
CN=iBryte, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=iBryte, L=New Castle County, S=Delaware, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5B2B3E2D634718E9BD4D41725481BAF3

File PE Metadata
Compilation timestamp:
11/19/2010 10:09:08 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:+XKdb20E7vZJQ6vMCxGcVtPkJS00z6Afp/kNKvDTaLIFG:+XOb20E7LDvlTM06AfpaKWYG

Entry address:
0x3E1F2

Entry point:
E8, 00, BD, 00, 00, E9, 78, FE, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 68, ED, 46, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 68, ED, 46, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B...

Entropy:
6.5806

Code size:
351.5 KB (359,936 bytes)
