torrentdownload.exe

KeepAppIt Software

This file uses the InstalleRex download manager software, which bundles a number of adware plugins and browser extensions, and is distributed via TusFiles. The application torrentdownload.exe, “Installer for KeepAppIt Software”, has been detected as adware by 27 anti-malware scanners. The program is a setup application that uses the Tarma Installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup program uses Web-Pick's InstalleRex download manager and installer to bundle potentially unwanted ad-supported software, which includes toolbars and browser extensions, through a pay-per-install monetization scheme.
Publisher:
KeepAppIt Software

Product:
KeepAppIt Software

Description:
Installer for KeepAppIt Software

Version:
2014.9.2.1518

MD5:
4208086a0f1c5dbf8d75c417b6e19889

SHA-1:
9ef1d4aa490cc91ffe3942c6fa46ffb4994f3383

SHA-256:
1a346a0565fcb0a937f3cc5e4dd902eabf134212221ee8f15f84eb1a6fe10576

Scanner detections:
27 / 68

Status:
Adware

Explanation:
Uses the InstalleRex from WebPick Internet Holdings to install bundled add-ons including toolbars and other web browser extensions.

Analysis date:
4/25/2024 11:20:09 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.11679719 | 838 |
| AegisLab AV Signature | Troj.W32.AntiFW | 2.1.4+ |
| Agnitum Outpost | PUA.MultiPlug | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.TSULoader | 2014.10.20 |
| Avira AntiVirus | Adware/InstallRex.b.118 | 7.11.179.162 |
| avast! | Win32:InstalleRex-DH [PUP] | 141003-0 |
| Bitdefender | Trojan.Generic.11679719 | 1.0.20.1460 |
| Bkav FE | W32.FamVT.AntiFWK.Trojan | 1.3.0.4959 |
| Comodo Security | Application.Win32.InstalleRex.KG | 19852 |
| Dr.Web | Threat.Undefined | 9.0.1.05190 |
| Emsisoft Anti-Malware | Trojan.Generic.11679719 | 8.14.10.19.05 |
| ESET NOD32 | Win32/InstalleRex.M potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Generic.AC.4161048 | 10/19/2014 |
| F-Secure | Trojan.Generic.11679719 | 11.2014-19-10_1 |
| G Data | Trojan.Generic.11679719 | 14.10.24 |
| K7 AntiVirus | Trojan | 13.184.13727 |
| Kaspersky | Trojan.Win32.AntiFW | 15.0.0.494 |
| Malwarebytes | PUP.Optional.Installrex | v2014.10.19.05 |
| McAfee | PUP-FMK | 5600.6972 |
| MicroWorld eScan | Trojan.Generic.11679719 | 15.0.0.876 |
| NANO AntiVirus | Riskware.Win32.InfoLeak.cvgqot | 0.28.2.62671 |
| Qihoo 360 Security | Malware.QVM20.Gen | 1.0.0.1015 |
| Quick Heal | Trojan.AntiFW.A5 | 10.14.14.00 |
| Reason Heuristics | Adware.WebPick.Installer.P | 14.10.19.17 |
| Vba32 AntiVirus | Downware.TSU | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 33706 |
| Zillya! Antivirus | Trojan.AntiFW.Win32.509 | 2.0.0.1959 |

File size:
311 KB (318,424 bytes)

Product version:
1.0.0.3

Copyright:
Copyright © 2014 KeepAppIt Software

Original file name:
TSULoader.exe

File type:
Executable application (Win32 EXE)

Installer:
Tarma Installer

Common path:
C:\users\{user}\downloads\torrentdownload.exe

File PE Metadata
Compilation timestamp:
3/12/2013 10:51:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:trJbUzkuvcBYC47l2xa6CMmKzqKF+xaG/41aS9iKaX45ci:tr6kuveY3j6CBK2i+x1w179izRi

Entry address:
0x14DB

Entry point:
55, 8B, EC, 81, EC, 2C, 06, 00, 00, 53, 56, 33, DB, 57, 66, 89, 9D, DC, FB, FF, FF, 89, 5D, F4, 89, 5D, FC, FF, 15, 74, 30, 40, 00, A3, 08, 44, 40, 00, FF, 15, 70, 30, 40, 00, 8B, F8, 8D, 45, EC, 50, FF, 15, 6C, 30, 40, 00, FF, 15, 68, 30, 40, 00, 8B, F0, F7, D6, 33, F7, FF, 15, 64, 30, 40, 00, 33, F0, 8B, 45, F0, 33, 45, EC, 68, 04, 01, 00, 00, 33, F0, 8D, 85, D4, F9, FF, FF, 50, 53, FF, 15, 60, 30, 40, 00, 85, C0, 75, 41, FF, 15, 5C, 30, 40, 00, 83, F8, 78, 75, 1A, 68, A8, 32, 40, 00, E8, 43, FB, FF, FF...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)
