home

INSTALLIUM LTD

Publisher Information

INSTALLIUM LTD is a software publisher located in TEL AVIV-JAFFA, Israel*. The company is a primary distributor of unwanted software. Thre are 2 additional code signing certificates issued to this publisher.
Authority:
COMODO CA Limited

Valid from:
8/27/2014 8:00:00 PM

Valid to:
8/28/2015 7:59:59 PM

Subject:
CN=INSTALLIUM LTD, O=INSTALLIUM LTD, STREET=1 Habarzel, L=TEL AVIV-JAFFA, S=Israel, PostalCode=69710, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00aa664a4ed27b0b9fcb4d4d95626edd86

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.INSTALLIUM.J, PUP.Installer.INSTALLIUM.F, PUP.INSTALLIUM.Z, PUP.INSTALLIUM.H, PUP.INSTALLIUM.F, PUP.INSTALLIUM.K, PUP.INSTALLIUM.O, PUP.INSTALLIUM (M), PUP.INSTALLIUM.Installer (M), PUP.INSTALLI.Installer (M), PUP.INSTALLI (M), PUP (M)
100.00%

AVG
Generic, Jenkatedia
50.00%

K7 AntiVirus
Unwanted-Program
48.00%

Dr.Web
Trojan.Crossrider.36271
42.00%

McAfee
Artemis!EA6CAA8F2C0F, Artemis!1AEE1D65B803, Artemis!3AD743167D64, Artemis!093273F58957, Artemis!82613833FB80, Artemis!128A17D1C847, Artemis!F0988E36483B, Artemis!C9482E756630, Artemis!BE691BD6E318, Artemis!18FFF5CBE1E2, Artemis!21179B9D3137, Artemis!C42C8E67DADC
28.00%

Malwarebytes
PUP.Optional.CrossRider, PUP.Optional.CrossRider.A, PUP.Optional.SearchProtect.A, Adware.Downloader, PUP.Optional.DonutLeads.A
26.00%

Vba32 AntiVirus
Trojan.GoogUpdate, suspected of Trojan.Downloader.gen.h, Downloader.Agent
26.00%

Trend Micro House Call
TROJ_GEN.R03EC0EK914, TROJ_GE.446B56D5, TROJ_SPNR.0BJG14, TROJ_GE.6E5F7F00, TROJ_GE.3FFB83D0, Suspici.8954B66E, Suspici.709A6E31
24.00%

ESET NOD32
Win32/Installium
24.00%

NANO AntiVirus
Riskware.Nsis.Adwrapper.dgzfbk, Riskware.Win32.Agent.dffaai, Riskware.Win32.Agent.dfewpw, Trojan.Win32.Conduit.deinwc, Trojan.Win32.Crossrider.depbyv
22.00%

1 / 68      (Adware)
vuupc_1209-52037a10.exe  (afddfa075455970be9ef511e217c3226)

1 / 68      (Adware)
setup.exe  (affa9c8c22db4a09d7e781b03b5c3c2c)

1 / 68      (Adware)
setup.exe  (fca8d17ed117cc79ee2c9abfe837efb4)

1 / 68      (Adware)
hd_quality_us.exe  (48e36f7984514ea06aa3ae93331bd1a9)

1 / 68      (Adware)
offer1.exe  (85ae99c8a9a8f64eeaaa9454c2f48705)

1 / 68      (Adware)
knctr.exe  (019ce760a9765656d2ec2fd8673e1356)

1 / 68      (Adware)
setup.exe  (ba1313b634c04f0bfebcc7e0723fd21f)

1 / 68      (Adware)
setup_402.exe  (e6ec2dac280c9cbf9443a09ca825d4a1)

1 / 68      (Adware)
setup.exe  (0d25cc0d971afee7db0d863f96f7ab50)

1 / 68      (Adware)
setup.exe  (17c0159ba6c23b99d15e8d0b1bf4c4dd)

1 / 68      (Adware)
setup.exe  (d2400e019afff344eccf9be3c7631ef7)

1 / 68      (Adware)
setup.exe  (a515c671eb387e4e0f3ae70c1c88fee3)

1 / 68      (Adware)
setup.exe  (6e8d886f779f0355305e8681b3573ea2)

1 / 68      (Adware)
setup.exe  (a35ac2ccafbcd28856360e04f4d9af35)

1 / 68      (Adware)
setup.exe  (8d3d1754a436f1b82d5a89e1c9d95150)

1 / 68      (Adware)
setup.exe  (2c19bb010defc495e490fda3bfd8eeec)

1 / 68      (Adware)
offer1.exe  (f773e955e6ef43b13435936268b2de15)

1 / 68      (Adware)
setup.exe  (f97594bf5cea94c53b6b6d81c7878e55)

1 / 68      (Adware)
elextech.exe  (2675fbd08e2e90fb6a50329879cbf6dc)

1 / 68      (Adware)
setup_402.exe  (92daa93687adab929d47c550e8b7c989)

1 / 68      (Adware)
setup.exe  (4d38ad3e0005a0d161f8cac8eb02b951)

1 / 68      (Adware)
search_protect_1209-36452de7.exe  (d127376de53dd579f0f70d34feb36c62)

1 / 68      (Adware)
setup.exe  (6d98384e213717e64c1bc466af26164d)

1 / 68      (Adware)
9340471799  (7f692a63c3eca9cddbfa1da7a21af2fe)

10 / 68    (Adware)
elextech_ium4.exe  (ab8618743ebc0d7a066d2b2919225b0e)

14 / 68    (Adware)
looksafe.exe  (c42c8e67dadc24fc2dd4e823b2133803)

10 / 68    (Adware)
compete.exe  (5e9b7ed7f1f9e93ccde57f326e1b71b7)

9 / 68      (Adware)
gamehug_arcade.exe  (6015844205560ca13a4e6732c8e46684)

7 / 68      (Adware)
no_problem.exe  (21179b9d3137c404a434ae1b642e5720)

7 / 68      (Adware)
compete.exe  (1947b07116664ec3171eab28c81c9b24)

 
Latest 30 of 77 files

Downloads URLs for files signed by INSTALLIUM LTD.

10 / 68    (Adware)
http://cdn.pompaap.com/.../Compete.exe  (5e9b7ed7f1f9e93ccde57f326e1b71b7)

1 / 68      (Adware)
http://dl.bestware.org//services/api/installer/.../directInstaller?locale=en_US&api=14&cn=FreeHDVideoPlayer&CID=282456&publisher=ff8080814730003e0147300e4e230000&pageid=scpa_us&installerid=ff8080814445fc8201444917f2740006&afid=296951&affiliatereferenceid=004593244014177015019&affiliatecommission=PRICE  (setup.exe)

4 / 68      (Adware)
http://cdn.pompaap.com/.../KNCTR.exe  (71b0fafb527a17ee2cf988ae8b682c9e)

6 / 68      (Adware)
http://cdn.pompaap.com/.../Compete.exe  (68b7d3ee3b6e73816479f2099f78bc66)

11 / 68    (Adware)
http://cdn.pompaap.com/.../Search_Protect_non_Google.exe  (073c7ee8711b198fef6c5514477aaf91)

9 / 68      (Adware)
http://cdn.pompaap.com/.../GameHug_Arcade.exe  (6015844205560ca13a4e6732c8e46684)

5 / 68      (Adware)
http://cdn.pompaap.com/.../Compete.exe  (fe197a39af7669de22ea4915d9d0eb45)

9 / 68      (Adware)
http://cdn.pompaap.com/.../Compete.exe  (0830b178dca5257520239e17cee01cbd)

14 / 68    (Adware)
http://vzbucket.maxrevinstaller.com/.../LookSafe.exe  (c42c8e67dadc24fc2dd4e823b2133803)

The following websites host and distribute files published by INSTALLIUM LTD.

vzbucket.maxrevinstaller.com

cdn.pompaap.com

dl.bestware.org

The certificates below are also signed by INSTALLIUM LTD.

0080F2A0BD5663CE9E92A60187A6BB5B0D  (Apr 03, 2014 to Apr 04, 2015)

00A9C5DEFC7BFC682621B9876DFC5F23EF  (Feb 24, 2014 to Feb 25, 2015)

The following publishers (by Authenticode signature organization name) are related.

TRIORIS LLC

Hefei Zhimingxingtong Software&Technology Co., Ltd.

Ttessab

Local Weather LLC

Browse Pax

Conduit Ltd.

PC Utilities Software Limited

Smart PC Solutions, Inc.

Safe Download Limited

Firseria

Search Snacks, LLC

Super Downloads

Install Manager

HypeNet

ClientConnect LTD

PayByAds ltd.

Fu Yu

PriceGong Software Ltd

SoftBrain Technologies Ltd.

LLC

Passion Fruit Tech

* Note, the details and description above are based on the code signing digital signature issued to INSTALLIUM LTD by COMODO CA Limited on August 27, 2014 with the serial number '00aa664a4ed27b0b9fcb4d4d95626edd86'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.