» installation.exe
Overview
Analysis
File Details

installation.exe

Liniad Media

The application installation.exe by Liniad Media has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.

File name:

installation.exe

Publisher:

Liniad Media (signed and verified)

MD5:

2d4cc1850d218fc661bfc5476afc759f

SHA-1:

2c527052e4d5404f7324f94a7c104b8e72395f57

SHA-256:

fb411d46e989686e4a7f6d805acd40ce29dfa17cbf7e9673cd832be30f78847d

Scanner detections:

8 / 68

Status:

Potentially unwanted

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:

11/27/2024 5:51:43 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Trojan.OutBrowse.70

9.0.1.05190

Emsisoft Anti-Malware

Application.Bundler.Outbrowse.BA

11.5.0.6191

ESET NOD32

Win32/OutBrowse.BC potentially unwanted application

8.0.319.0

F-Secure

Riskware.Application.Bundler.Outbrowse

5.15.96

McAfee

Program.Adware-OutBrowse.c

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.217.1277.0

Norman

Application.Bundler.Outbrowse.BA

13.04.2016 10:11:06

Reason Heuristics

PUP.OutBrowse (M)

16.4.15.1

File size:

564.5 KB (578,000 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\installation.exe

Digital Signature

Signed by:

Liniad Media

Authority:

GoDaddy.com, Inc.

Valid from:

9/4/2014 4:42:04 PM

Valid to:

8/25/2015 3:13:46 PM

Subject:

CN=Liniad Media, O=Liniad Media, L=Tel Aviv, C=IL

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

2B980A0176F0EC

File PE Metadata

Compilation timestamp:

12/5/2009 10:50:52 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:AqDu1+KH2r9Vtearcg0be2oYXb8+5OlonOIf2IRG:Aou1dH2ZVt1rcgmx8+5OloOy2r

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9768

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Remove installation.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.