» updater_setup.exe
Overview
Analysis
File Details

updater_setup.exe

TINY INSTALLER

Tiny Installer is a download manager variant from Adknowledge that packages various adware-type offers (toolbar, coupon extensions, utilities) with software distributions. The application updater_setup.exe, “Premium Installer ” by TINY INSTALLER has been detected as adware by 27 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.

File name:

updater_setup.exe

Publisher:

Premium Installer (signed by TINY INSTALLER)

Product:

Premium Installer

Description:

Premium Installer

Version:

2.4.8.1

MD5:

638efa5aa529aa23d87f80d2592162f4

SHA-1:

ae24a454d8bd9c1070c6499f3030b9e79120b117

SHA-256:

3dbe52951c4aa9a927c2d07c1b26be11ecaee76191beeda5c7025378869f8023

Scanner detections:

27 / 68

Status:

Adware

Explanation:

The Tiny Installer download manager bundles various adware components.

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

4/18/2024 12:35:06 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Bundler.OptimumInstaller.1

928

Agnitum Outpost

Riskware.AdWare

7.1.1

AhnLab V3 Security

PUP/Win32.IBryte

2014.01.11

Avira AntiVirus

ADWARE/Adware.Gen7

7.11.138.228

avast!

Win32:IBryte-BY [PUP]

140617-1

AVG

Adware Skodna.Generic.ASS

2014.0.3986

Bitdefender

Gen:Variant.Application.Bundler.OptimumInstaller.1

1.0.20.1015

Comodo Security

Application.Win32.Adware.iBryte.BD

17589

Dr.Web

Trojan.Packed.25586

9.0.1.05190

ESET NOD32

Win32/AdWare.iBryte.L.gen application

7.0.302.0

F-Prot

W32/A-b6581ad9

v6.4.7.1.166

F-Secure

Gen:Variant.Application.Bundler

11.2014-22-07_3

G Data

Win32.Adware.Ibryte

14.7.22

IKARUS anti.virus

Trojan.Win32.Buzus

t3scan.2.2.29

K7 AntiVirus

Adware

13.175.10807

Kaspersky

not-a-virus:AdWare.Win32.iBryte

15.0.0.494

Malwarebytes

PUP.Optional.iBryte

v2014.07.22.09

MicroWorld eScan

Gen:Variant.Application.Bundler.OptimumInstaller.1

15.0.0.609

NANO AntiVirus

Riskware.Win32.Downware.cqrpld

0.28.0.57029

nProtect

Trojan-Clicker/W32.iBryte.2505000

14.03.25.01

Panda Antivirus

Trj/Genetic.gen

14.07.22.09

Reason Heuristics

PUP.Installer.TINYINSTALLER.N

14.8.8.3

Rising Antivirus

PE:PUF.iBryte!1.9E1A

23.00.65.14720

Sophos

iBryte Optimum Installer

4.96

Vba32 AntiVirus

AdWare.iBryte

3.12.24.3

VIPRE Antivirus

Optimum Installer

25296

Zillya! Antivirus

Adware.iBryte.Win32.720

2.0.0.1776

File size:

2.5 MB (2,670,888 bytes)

Product version:

2.4.8.1

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Adknowledge Fusion

Language:

English (United States)

Common path:

C:\users\{user}\downloads\updater_setup.exe

Digital Signature

Signed by:

TINY INSTALLER

Authority:

VeriSign, Inc.

Valid from:

6/3/2013 2:00:00 AM

Valid to:

6/4/2014 1:59:59 AM

Subject:

CN=TINY INSTALLER, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=TINY INSTALLER, L=Wilmington, S=Delaware, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

54C184C0CB6B6510B3582483FC098463

File PE Metadata

Compilation timestamp:

1/10/2014 11:39:15 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

49152:jds6PQcOsIkwOK1JmYwqYyXWQzicroH6en8jhET2gBjP8/ZfHBGBdt2Nx:jXPQ5sIkw/ghyHroHz8jhET/BQ/VBu2j

Entry address:

0x79ED5

Entry point:

E8, BE, 8C, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, C0, 8C, 4B, 00, E8, C1, 35, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 98, 62, 68, 00, 77, 22, 6A, 04, E8, C1, 8E, 00, 00, 59, 83, 65, FC, 00, 56, E8, 23, 9C, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, CD, 35, 00, 00, C3, 6A, 04, E8, A4, 8D, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 83, 3D, F4, 4E, 68, 00, 00, 75, 18, E8, F9, 81, 00, 00, 6A, 1E, E8, 21, 80, 00, 00, 68, FF, 00, 00, 00, E8, 37, 4D, 00, 00, 59, 59, A1... 
[+]

Code size:

663.5 KB (679,424 bytes)

Remove updater_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.