{5519a571-bcee-4f55-ba2b-4227b6711ecf}

Safe Stub

InstallX, LLC

This is the InstallX/InstallIQ download manager and installer, which bundles offers for additional PUPs and other unwanted software during setup. The file {5519a571-bcee-4f55-ba2b-4227b6711ecf}, “Safe Installer Stub” by InstallX, has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the InstallIQ Installation Manager installer. The file has been seen being downloaded from files.safe0002.com.
Publisher:
SafeInstall, LLC (signed by InstallX, LLC)

Product:
Safe Stub

Description:
Safe Installer Stub

Version:
1.0.2.0

MD5:
0086cdb1930be00f6fa7de295ca68628

SHA-1:
b6d9b37b938bf637339f014964bec2c5d163f92f

SHA-256:
e2a19c9274915977e1f69c670c044ff46c550f80c3b1d998356bcdcf6fd128bf

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Uses the InstallIQ (by InstallX) software bundler, which may include offers for toolbars and other browser extensions.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/23/2024 2:01:20 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11564693 | 821 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-141105 |
| AVG | InstallIQ | 2015.0.3299 |
| Bitdefender | Trojan.Generic.11564693 | 1.0.20.1545 |
| Comodo Security | Application.Win32.InstallIQ.B | 19649 |
| Dr.Web | Trojan.DownLoader9.14179 | 9.0.1.0309 |
| ESET NOD32 | Win32/InstallIQ (variant) | 8.10479 |
| Fortinet FortiGate | Riskware/InstallIQ | 11/5/2014 |
| F-Secure | Trojan.Generic.11564693 | 11.2014-05-11_4 |
| G Data | Trojan.Generic.11564693 | 14.11.24 |
| K7 AntiVirus | Trojan | 13.183.13504 |
| Malwarebytes | PUP.Optional.SafeInstall.A | v2014.11.05.02 |
| McAfee | Artemis!0086CDB1930B | 5600.6955 |
| MicroWorld eScan | Trojan.Generic.11564693 | 15.0.0.927 |
| nProtect | Trojan.Generic.11564693 | 14.09.28.01 |
| Reason Heuristics | PUP.Installer.InstallX.g | 14.11.5.14 |
| Sophos | InstallQ | 4.98 |
| VIPRE Antivirus | InstallIQ Installer | 33518 |

File size:
890.5 KB (911,896 bytes)

Product version:
1.0.2.0

Copyright:
Copyright (C) 2014

Original file name:
safestub.exe

Bundler/Installer:
InstallIQ Installation Manager

Language:
English (United States)

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
3/21/2013 8:00:00 PM

Valid to:
3/26/2014 8:00:00 AM

Subject:
CN="InstallX, LLC", O="InstallX, LLC", L=Sartell, S=Minnesota, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
030985B5A39F75A13A497DAB8BF611F7

File PE Metadata
Compilation timestamp:
1/20/2014 6:35:08 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:SL+8gioo2BzMUZWglzcS/HD7qnnq8ipgFknT82zf:Sy8ezMSzxHHGnqLnT1

Entry address:
0x16AD5

Entry point:
E8, B2, 99, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 40, 98, 4B, 00, E8, 45, 7C, 00, 00, E8, 7F, 9B, 00, 00, 0F, B7, F0, 6A, 02, E8, 45, 99, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 26, 93, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
Entropy:
6.8048

Code size:
609.5 KB (624,128 bytes)

The file {5519a571-bcee-4f55-ba2b-4227b6711ecf} has been seen being distributed by the following URL.
