time_stopper_setup.exe

Inertware

This adware bundler is distributed through Adknowledge's advertising-supported software managers. The application time_stopper_setup.exe, “Prime Installer” by Inertware, has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. The file has been seen being downloaded from secure.pn-installer7.com.
Publisher:
Prime Installer (signed by Inertware)

Product:
Prime Installer

Description:
Prime Installer

Version:
3.5.9.2

MD5:
0f57bcec4820324bf6661db45538042b

SHA-1:
221483cd1f516e483fc0eeb3c239d780255c3df9

SHA-256:
8ac468d837be9211749323a46d9f748d0c293158e9d2837e0d028858e4eb44e5

Scanner detections:
24 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 10:31:48 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Ibryte.BM | 6483355 |
| Agnitum Outpost | PUA.Agent | 7.1.1 |
| Avira AntiVirus | Adware/iBryte.bxpj | 7.11.212.68 |
| avast! | Win32:IBryte-LH [PUP] | 150101-1 |
| AVG | AdPlugin | 2016.0.3189 |
| Bitdefender | Adware.Ibryte.BM | 1.0.20.275 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.Ibryte-7821 | 0.98/20100 |
| Dr.Web | Trojan.DownLoader12.15685 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Adware.Ibryte.BM | 9.0.0.4799 |
| ESET NOD32 | Win32/Adware.iBryte.BY application | 7.0.302.0 |
| F-Prot | W32/S-4a14a543 | v6.4.7.1.166 |
| F-Secure | Adware.Ibryte.BM | 5.13.68 |
| G Data | Adware.Ibryte.BM | 15.2.25 |
| IKARUS anti.virus | AdWare.AdPlugin | t3scan.1.8.6.0 |
| Malwarebytes | PUP.Optional.SwiftBrowse | v2015.02.24.01 |
| MicroWorld eScan | Adware.Ibryte.BM | 16.0.0.165 |
| NANO AntiVirus | Trojan.Win32.DownLoader12.dnihtg | 0.30.0.296 |
| Norman | IBryte.URL | 11.20150224 |
| Panda Antivirus | Generic Suspicious | 15.02.24.01 |
| Reason Heuristics | PUP.Installer.Adknowledge | 15.2.24.1 |
| Vba32 AntiVirus | | 3.12.26.3 |
| VIPRE Antivirus | Threat.4733199 | 37788 |
| Zillya! Antivirus | Adware.iBryte.Win32.7084 | 2.0.0.2079 |

File size:
443.9 KB (454,512 bytes)

Product version:
3.5.9.2

Copyright:
Copyright (C) Prime Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\time_stopper_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/13/2014 5:00:00 PM

Valid to:
7/14/2015 4:59:59 PM

Subject:
CN=Inertware, O=Inertware, STREET=4600 Madison Ave FL 10, L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B17D2DC81A4AB47B03A1531303433731

File PE Metadata
Compilation timestamp:
1/31/2015 10:00:32 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:g00NGK8PRLCnC1GEmtyfpAcNATqJNV51/fYcz:IQcnC1GrtApAEQANV51/fYcz

Entry address:
0x1A363

Entry point:
E8, 5D, 98, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, 68, D0, A3, 41, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, EC, B5, 43, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, EC...
 

Entropy:
6.1796

Code size:
183.5 KB (187,904 bytes)

The file time_stopper_setup.exe has been seen being distributed by the following URL.
