freedomdownload.exe

SafeInstaller

SecureInstall, LLC

This is the InstallX/InstallIQ download manager and installer that will bundle offers during setup for additional PUPs and other unwanted software. The application freedomdownload.exe by SecureInstall has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the InstallIQ Installation Manager installer. The file has been seen being downloaded from track.cmllk2.info.
Publisher:
SafeInstall, LLC  (signed by SecureInstall, LLC)

Product:
SafeInstaller

Description:
Safe Installer

Version:
1.0.39.0

MD5:
1eb84dbc501c1d3746eaf00030118c69

SHA-1:
558ff2e21986488b67eac5b4b4c87173ed4868df

SHA-256:
c6aea31997d8cc77e7aa63d1efda53b55f58c26a35683b72ab07d2843b209e89

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Uses the InstallIQ (by InstallX) software bundler that may include toolbars and other browser extensions offers.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/24/2024 11:10:00 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic_r
2015.0.3389

Dr.Web
Adware.Downware.2512
9.0.1.0134

ESET NOD32
Win32/InstallIQ (variant)
8.9787

K7 AntiVirus
Unwanted-Program
13.177.11951

Kaspersky
not-a-virus:Downloader.NSIS.Agent
14.0.0.3440

Malwarebytes
PUP.Optional.SafeInstall.A
v2014.05.14.04

McAfee
Artemis!1EB84DBC501C
5600.7130

NANO AntiVirus
Riskware.Win32.Searcher.csnymk
0.28.0.59608

Panda Antivirus
Trj/Chgt.C
14.08.08.12

Reason Heuristics
PUP.Installer.SecureInstall.P
14.8.8.0

Rising Antivirus
PE:PUF.InstallIQ!1.9E4F
23.00.65.14512

Sophos
InstallQ
4.98

Total Defense
Win32/Tnega.DVfFGD
37.0.10960

Trend Micro House Call
TROJ_GEN.F47V0509
7.2.134

VIPRE Antivirus
InstallIQ Installer
29122

File size:
1.7 MB (1,817,464 bytes)

Product version:
1.0.39.0

Copyright:
Copyright (C) 2014

Original file name:
safeinstall.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallIQ Installation Manager

Language:
English (United States)

Common path:
C:\users\{user}\downloads\freedomdownload.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
11/19/2013 1:00:00 AM

Valid to:
11/24/2014 1:00:00 PM

Subject:
CN="SecureInstall, LLC", O="SecureInstall, LLC", L=Sartell, S=Minnesota, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
073E5B30FA98352DDA4DA1FD7215A72F

File PE Metadata
Compilation timestamp:
4/30/2014 1:06:36 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:UH+DdFJMLKi214/Pm8Bo5ywGP/XViuiPSd4nuuxaKFW8pPJr4r44RuqHfJXPy0Tp:S+CBlW+/ug8Hr4DRuCPy1lT2F/hXN

Entry address:
0x5258D

Entry point:
E8, 00, 3B, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F8, 38, 53, 00, E8, 3D, 2B, 00, 00, E8, CD, 3C, 00, 00, 0F, B7, F0, 6A, 02, E8, 93, 3A, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 74, 34, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
1016.5 KB (1,040,896 bytes)

The file freedomdownload.exe has been seen being distributed by the following URL.

Remove freedomdownload.exe - Powered by Reason Core Security