whitesmoke 2012.exe

InstallBrain Installer

WhiteSmoke Inc

The application whitesmoke 2012.exe by WhiteSmoke Inc has been detected as adware by 23 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It bundles additional offers, mostly adware, using the InstallBrain installer, a pay-per-install monetization download manager. InstallBrain will also install a background updater service that will update any installed browser add-ons and plug-ins.
Publisher:
InstallBrain  (signed by WhiteSmoke Inc)

Product:
InstallBrain Installer

Version:
14,1,1,3

MD5:
59690e64cade732b9799ce0346539d97

SHA-1:
5497ad5db6feb5bc0f6f70be91006cf8000516e4

SHA-256:
ce60dbd76ec83e1ac8b8920179199fdeb110105a3bc937d81735bfc0691c30b8

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers from Performersoft.

Analysis date:
4/24/2024 3:54:32 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11237334 | 589 |
| Agnitum Outpost | Trojan.Obfuscated | 7.1.1 |
| Avira AntiVirus | TR/Obfuscated.NEU.21 | 7.11.160.46 |
| Bitdefender | Trojan.Generic.11237334 | 1.0.20.880 |
| Comodo Security | UnclassifiedMalware | 18843 |
| Dr.Web | Adware.Downware.314 | 9.0.1.0176 |
| Emsisoft Anti-Malware | Trojan.Generic.11237334 | 8.15.06.25.05 |
| ESET NOD32 | Win32/Obfuscated.NEU (variant) | 9.10080 |
| F-Secure | Trojan.Generic.11237334 | 11.2015-25-06_5 |
| G Data | Trojan.Generic.11237334 | 15.6.24 |
| IKARUS anti.virus | Trojan-Downloader.Win32.Brantall | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.180.12683 |
| Malwarebytes | Adware.InstallBrain | v2015.06.25.05 |
| McAfee | Artemis!59690E64CADE | 5600.6723 |
| Microsoft Security Essentials | | 1.10701 |
| MicroWorld eScan | Trojan.Generic.11237334 | 16.0.0.528 |
| NANO AntiVirus | Trojan.Win32.Downware.cramru | 0.28.0.60698 |
| nProtect | Trojan.Generic.11237334 | 14.07.11.01 |
| Reason Heuristics | PUP.WhiteSmoke.InstallBrain.Installer (M) | 15.6.25.13 |
| Rising Antivirus | PE:Trojan.Win32.Generic.12E762AB!317153963 | 23.00.65.15623 |
| Sophos | InstallBrain | 4.98 |
| VIPRE Antivirus | InstallBrain | 31174 |
| Zillya! Antivirus | Adware.WhiteSmoke.Win32.2750 | 2.0.0.1855 |

File size:
581.9 KB (595,864 bytes)

Product version:
14,1,1,3

Copyright:
Copyright 2011

Trademarks:
InstallBrain

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\new folder\whitesmoke 2012\whitesmoke 2012.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/29/2011 1:00:00 AM

Valid to:
7/8/2013 12:59:59 AM

Subject:
CN=WhiteSmoke Inc, OU=R&D, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WhiteSmoke Inc, L=New York, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
64048D72F9FFEF12A43FC4F4CEA580E3

File PE Metadata
Compilation timestamp:
5/18/2012 9:07:07 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:OZCSUTHfAyLQ9JcjoNY7dLY6zRcomopH61dNm3Dae/JwbF0okkGjPS:OZCStMcJ9wYHomommz5W0oJGjPS

Entry address:
0x1B64D

Entry point:
E8, 20, 4A, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A4, 01, 00, 00, 81, F9, 00, 01, 00, 00, 72, 1F, 83, 3D, 04, 00, 43, 00, 00, 74, 16, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 08, 5E, 5F, 5D, E9, E8, 4A, 00, 00, F7, C7, 03, 00, 00, 00, 75, 15, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 2A, F3, A5, FF, 24, 95, D4, B7, 41, 00, 90, 8B, C7, BA, 03, 00, 00, 00, 83, E9...
 

Entropy:
7.6994

Code size:
154 KB (157,696 bytes)
