infoatoms-setup.exe

InfoAtoms

InfoAtoms Inc.

This is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The application infoatoms-setup.exe, “InfoAtoms Installer” by InfoAtoms, has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from d3no886hnxa7m9.cloudfront.net and multiple other hosts.
Publisher:
InfoAtoms Inc.  (signed and verified)

Product:
InfoAtoms

Description:
InfoAtoms Installer

Version:
1.6.0.1

MD5:
c8adb4005586a9dfe4114063ab187723

SHA-1:
caff3d9cea45ad8d47c184840b52f404ed9235ae

SHA-256:
adc359b18bac778338087aa140f2cfb7d31b621f5d7e079148062e67e4cfc66c

Scanner detections:
21 / 68

Status:
Adware

Analysis date:
12/25/2024 1:40:32 PM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.Generic.552468 | 1058
Avira AntiVirus | Adware/InfoAtoms.A.10 | 7.11.136.228
avast! | Win32:InfoAtoms-A [Adw] | 2014.9-140314
Bitdefender | Adware.Generic.552468 | 1.0.20.365
Bkav FE | W32.Clodc2a.Trojan | 1.3.0.4959
Comodo Security | ApplicUnwnt | 17925
Dr.Web | Adware.Plugin.70 | 9.0.1.073
Emsisoft Anti-Malware | Adware.Generic.552468 | 8.14.03.14.10
ESET NOD32 | Win32/AdWare.Vitruvian (variant) | 8.9540
F-Secure | Adware.Generic.552468 | 11.2014-14-03_6
G Data | Adware.Generic.552468 | 14.3.24
IKARUS anti.virus | AdWare.Win32.InfoAtoms | t3scan.2.2.29
K7 AntiVirus | Unwanted-Program | 13.176.11436
Microsoft Security Essentials | Threat.Undefined | 1.167.1881.0
MicroWorld eScan | Adware.Generic.552468 | 15.0.0.219
NANO AntiVirus | Trojan.Win32.Plugin.cultss | 0.28.0.58394
Quick Heal | Adware.InfoAtoms (Not a Virus) | 3.14.12.00
Reason Heuristics | PUP.Installer.InfoAtoms.P | 14.3.14.10
Sophos | Generic PUA OJ | 4.98
Trend Micro House Call | TROJ_GEN.R0CBOH0AO14 | 7.2.73
VIPRE Antivirus | InfoAtoms | 27358

File size:
1.1 MB (1,194,256 bytes)

Product version:
1.6.0.1

Copyright:
Copyright 2012 InfoAtoms Inc.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\infoatoms-setup.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
3/25/2013 1:14:09 PM

Valid to:
4/3/2014 4:35:07 PM

Subject:
CN=InfoAtoms Inc., O=InfoAtoms Inc., L=La Jolla, S=CA, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B62AFD2CD47BB

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:syP6Wqwqd1Pznx9ey1AuK3A5m5x4iQbyiDe8fCR/sYX5l+rgw7/g8SM:vP65wqdL9eEcxxQbU82w8m

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9841

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file infoatoms-setup.exe has been seen being distributed by the following 2 URLs.
