ie11_setup.exe

IE11 Installer

Quick Downloader

The Adlogica setup manager is an installer that bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application ie11_setup.exe, “Deploy IE11 along with various offers” by Quick Downloader, has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the Adlogica Downloader installer. This version of the installer bundles a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension.
Publisher:
Quick Downloader  (signed and verified)

Product:
IE11 Installer

Description:
Deploy IE11 along with various offers

Version:
11

MD5:
1097c3e6d3d63bf17e37b5e593abcd30

SHA-1:
19ee7b91b7615393158f5ce27f62860adecdcb52

SHA-256:
e7e52a10b47575e62601c3f5b4e357e6115424b5a472f5ba7809283d81ea9761

Scanner detections:
7 / 68

Status:
Adware

Explanation:
Bundles the Mindspark (MyWebSearch/Ask) toolbar, a web browser extension that will modify a user's search and home pages.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/2/2024 5:21:02 PM UTC

Scan engine
Detection
Engine version

ESET NOD32
Win32/Toolbar.MyWebSearch (variant)
8.9345

herdProtect (fuzzy)
2014.4.5.14

Malwarebytes
PUP.Optional.Downloadster
v2014.01.30.01

Reason Heuristics
PUP.Installer.QuickDownloader.K
14.8.7.17

Sophos
Ez Toolbar Downloader
4.97

Trend Micro House Call
TROJ_GEN.F47V0123
7.2.30

VIPRE Antivirus
InstallCore
25884

File size:
1.3 MB (1,364,896 bytes)

Product version:
11

Copyright:
©BrowsersInfo

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adlogica Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\ie11_setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/7/2013 5:00:00 PM

Valid to:
8/8/2014 4:59:59 PM

Subject:
CN=Quick Downloader, O=Quick Downloader, STREET=96 Jessie st, STREET=4th floor, L=San Francisco, S=CA, PostalCode=94105, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00886E74060345A7D9DD833C2ADF305E49

File PE Metadata
Compilation timestamp:
9/16/2013 4:17:45 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:p9OSiCcFYIYdv+tDUwadbW5Q+mrR3e5xW/e+qeT8hSCWUD6/vkRTRUxisP:/iSKmrR3Xe+WQY6/qTRS

Entry address:
0x110400

Entry point:
55, 8B, EC, 83, C4, F0, B8, A0, E9, 50, 00, E8, D4, 71, EF, FF, 8B, 0D, A0, A5, 51, 00, 8B, 09, B2, 01, A1, 38, 3E, 4C, 00, E8, D0, F2, F4, FF, 8B, 15, 94, A6, 51, 00, 89, 02, A1, A0, A5, 51, 00, 8B, 00, E8, D4, 8A, F5, FF, A1, A0, A5, 51, 00, 8B, 00, B2, 01, E8, 6E, A9, F5, FF, 8B, 0D, 78, A3, 51, 00, A1, A0, A5, 51, 00, 8B, 00, 8B, 15, F0, 1D, 50, 00, E8, C6, 8A, F5, FF, A1, A0, A5, 51, 00, 8B, 00, E8, F2, 8B, F5, FF, E8, 29, 4B, EF, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.6731

Developed / compiled with:
Microsoft Visual C++

Code size:
1.1 MB (1,111,552 bytes)

The file ie11_setup.exe has been seen being distributed by the following 3 URLs.
