» sfa_inst.exe
Overview
Analysis
File Details
Programs (3)

sfa_inst.exe

Smart File Advisor

Total Pc

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application sfa_inst.exe, “Smart File Advisor Setup ” by Total Pc has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. Additionally, the file is typically installed by a number of programs including Final Video Downloader 2013 by Bitberry Software and Final Video Downloader 2011 by Bitberry Software, both potentially unwanted software.

File name:

sfa_inst.exe

Publisher:

Filefacts.net (signed by Total Pc)

Product:

Smart File Advisor

Description:

Smart File Advisor Setup

Version:

1.1.1.0

MD5:

34f00bc669418e175614d6db92442dfe

SHA-1:

fe9a058724b0fde8cc3e2858f51588dcb0551028

SHA-256:

6615f85059548f77b72c4803904628b5e44df6f833b9ffadc46f14d379b9457f

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/26/2024 3:06:39 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.installCore.Installer

15.6.7.12

File size:

571.6 KB (585,336 bytes)

Product version:

1.1.1

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Common path:

C:\Program Files\smart file advisor\sfa_inst.exe

Digital Signature

Signed by:

Total Pc

Authority:

The USERTRUST Network

Valid from:

3/30/2011 2:00:00 AM

Valid to:

3/30/2012 1:59:59 AM

Subject:

CN=Total Pc, O=Total Pc, STREET=29 coopers mill avenue, STREET=Dundonald, L=Belfast, S=Antrim, PostalCode=bt161wr, C=GB

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

00F9BAEE6A0D352EEBA49E9B8D15A73F81

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:nna9pl1Qdrax/rlIRyqBN+KIecnrZotEiE5zKHWiwj7hWAeccOanpTQulypSzV:nnazl1Qdrax/rVi+FZQEiYLiGERnp0VU

Entry address:

0x9C40

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

The file sfa_inst.exe has been discovered within the following programs.

Final Video Downloader 2011 by Bitberry Software

This software will install various bundled potentially unwanted programs via the InstallIQ distribution system. It will also modify system settings.

www.finalvideodownloader.com

60% remove it

Final Video Downloader 2012 by Bitberry Software

Final Video Downloader 2011 is a web browser plug-in and standard alone application (some versions) that allow for saving of YouTube vides to the computers local hard drive. Within the stand alone application, you can specify a YouTube URL and the stream will be saved.

73% remove it

Final Video Downloader 2013 by Bitberry Software

Publisher's description - “The downloader is extremely simple to use. It integrates with your web browser, so you just have to display the video page in your browser and click the Final Video Downloader icon.”

About 75% of users remove it

Remove sfa_inst.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.