fvdplayer.exe

InstallIQ

Kuzma Safonov

The InstallIQ (InstallX) installation program is a co-bundle stub that delivers software monetization offers during installation. These offers include web browser toolbars and extensions. The application fvdplayer.exe, “InstallIQ Installation Utility” by Kuzma Safonov, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallIQ Installation Manager installer.
Publisher:
InstallX, LLC  (signed by Kuzma Safonov)

Product:
InstallIQ

Description:
InstallIQ Installation Utility

Version:
1.128.0.0

MD5:
65d6218c6dcf2fb64cca66818aa82808

SHA-1:
016255226b32cf507dde39097770b7dd04aa8e61

SHA-256:
e736e91f166540d6f331115e0db6c333e037097711cdb71e0cc2f9c830e9a89b

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed to simply deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/23/2024 12:34:30 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.7.22.18

File size:
445.1 KB (455,776 bytes)

Product version:
1.128.0.0

Copyright:
Copyright ©2013 InstallX, LLC. All rights reserved.

Original file name:
InstallIQStub.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallIQ Installation Manager

Language:
English (United States)

Common path:
C:\users\{user}\downloads\fvdplayer.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/6/2013 3:00:00 AM

Valid to:
3/7/2014 2:59:59 AM

Subject:
CN=Kuzma Safonov, O=Kuzma Safonov, STREET=Yunis-Abad 15-43-18, L=Tashkent, S=TO, PostalCode=700180, C=UZ

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3D3E9E49F69694F758C95CA1A2192AF2

File PE Metadata
Compilation timestamp:
4/19/2013 7:34:27 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:2Xbw0IFcHPRjuPOn2TfQO4vrcL/x265ov3:Gbw0qPOn2TfQOmrcDx265K3

Entry address:
0xD61E

Entry point:
E8, C5, 85, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, E4, 91, 46, 00, 00, 74, 05, E9, 79, 86, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75...
 

Entropy:
6.4272

Code size:
298 KB (305,152 bytes)
