fecf322c189ec8a39591a267355e9327.exe

Build Input

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application fecf322c189ec8a39591a267355e9327.exe, “Fusion Install ” by Build Input has been detected as adware by 39 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. The file has been seen being downloaded from downloadsinstant.com.
Publisher:
Fusion Install   (signed by Build Input)

Product:
Fusion Install

Description:
Fusion Install

Version:
2.4.8.1

MD5:
fecf322c189ec8a39591a267355e9327

SHA-1:
8bf06d800714515f54782c1eee09b24620263356

SHA-256:
8309ff7996fb34bd9225ee8c8b5eec3c38ee7fd6815159e59b177d1292ff5b13

Scanner detections:
39 / 68

Status:
Adware

Explanation:
Injects advertisements in the web browser in the form or banner ads and popups.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/28/2024 2:46:24 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.1618449
905

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
2014.08.14

Avira AntiVirus
TR/Click.Clikug.A.34
7.11.142.94

avast!
Adware-gen [Adw]
2014.9-140814

AVG
Clicker
2015.0.3383

Baidu Antivirus
Trojan.Win32.Clikug
4.0.3.14814

Bitdefender
Trojan.GenericKD.1618449
1.0.20.1130

Clam AntiVirus
Win.Adware.Ibryte-592
0.98/19086

Comodo Security
Application.Win32.iBryte.WRP
18251

Dr.Web
Trojan.Click3.5306
9.0.1.0226

Emsisoft Anti-Malware
Trojan.GenericKD.1618449
8.14.08.14.02

ESET NOD32
Win32/GigaClicks.AD (variant)
8.9734

Fortinet FortiGate
W32/Malware_fam.NB
8/14/2014

F-Prot
W32/A-c255719d
v6.4.7.1.166

F-Secure
Trojan.GenericKD.1618449
11.2014-14-08_5

G Data
Trojan.GenericKD.1618449
14.8.24

herdProtect (fuzzy)
2014.10.28.10

IKARUS anti.virus
Trojan-Clicker.BFNI
t3scan.1.6.1.0

K7 AntiVirus
Riskware
13.176.11711

Kaspersky
Trojan-Clicker.Win32.Agent
14.0.0.3409

Malwarebytes
PUP.Optional.GigaClicks.A
v2014.08.14.02

McAfee
Artemis!0FF2B0F7AD04
5600.7039

Microsoft Security Essentials
TrojanClicker:Win32/Clikug.A
1.10401

MicroWorld eScan
Trojan.GenericKD.1618449
15.0.0.678

NANO AntiVirus
Trojan.Win32.Adpeak.cumkpw
0.28.0.59826

nProtect
Trojan.GenericKD.1618449
14.04.10.01

Panda Antivirus
Suspicious file
14.08.14.02

Qihoo 360 Security
Win32/Trojan.Dropper.c9f
1.0.0.1015

Quick Heal
(Suspicious) - DNAScan
8.14.12.00

Reason Heuristics
PUP.Installer.BuildInput.a
14.8.25.1

Rising Antivirus
PE:Malware.iBryte!6.192B
23.00.65.141026

Sophos
Mal/Generic-S
4.98

SUPERAntiSpyware
PUP.OptimumInstaller/Variant
10272

Trend Micro House Call
TROJ_CLIKUG.A
7.2.226

Trend Micro
TROJ_CLIKUG.A
10.465.14

Vba32 AntiVirus
3.12.26.0

VIPRE Antivirus
Trojan.Win32.Clicker
28188

Zillya! Antivirus
Adware.iBryte.Win32.854
2.0.0.1790

File size:
132.4 KB (135,544 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) 2014 Fusion Install

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion (using Nullsoft Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\fecf322c189ec8a39591a267355e9327.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/23/2014 5:00:00 PM

Valid to:
3/24/2015 4:59:59 PM

Subject:
CN=Build Input, O=Build Input, STREET="4600 Madison Ave, 10th FL", L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0093C151407610A7B56F799C03CB8D955D

File PE Metadata
Compilation timestamp:
5/11/2014 1:04:44 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:C+0YBsBE3ain2Q5xq10DZYzI1wHCrbrhqr1L0wVQMw3zEfkwLaDZ:CjnBTi2CRDZYzIq6btqr1PQMw32kFZ

Entry address:
0x322E

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 14, C7, 44, 24, 10, D8, A2, 40, 00, 89, 6C, 24, 1C, FF, 15, 34, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 81, 40, 00, 55, FF, 15, AC, 82, 40, 00, 6A, 08, A3, 58, AF, 47, 00, E8, 9F, 2E, 00, 00, A3, A4, AE, 47, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, B8, 01, 44, 00, FF, 15, 7C, 81, 40, 00, 68, C0, A2, 40, 00, 68, A0, 2E, 47, 00, E8, 0A, 2B, 00, 00, FF, 15, 38, 81, 40, 00, BB, 00, B0, 4C, 00, 50, 53, E8, F8, 2A, 00, 00...
 
[+]

Entropy:
4.9725

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file fecf322c189ec8a39591a267355e9327.exe has been seen being distributed by the following URL.

Remove fecf322c189ec8a39591a267355e9327.exe - Powered by Reason Core Security