installation.exe

Liniad Media

The application installation.exe by Liniad Media has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from get.file14desktop.com.
Publisher:
Liniad Media  (signed and verified)

MD5:
961eb1f7a033f22b71672467b4f04585

SHA-1:
84b29fc732a0154759d287d8503ec37252509b0a

SHA-256:
6d0f8ed004037f4025540516aabf08334a847a5f4faa9d4c28e03cfcda7e7259

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/28/2024 11:42:42 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Dr.Web
Trojan.OutBrowse.70
9.0.1.05190

Emsisoft Anti-Malware
Application.Bundler.Outbrowse.BA
11.5.0.6191

ESET NOD32
Win32/OutBrowse.BC potentially unwanted application
8.0.319.0

McAfee
Program.Adware-OutBrowse.c
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.217.1277.0

Norman
Application.Bundler.Outbrowse.BA
13.04.2016 10:11:06

Reason Heuristics
PUP.OutBrowse (M)
16.4.15.1

VIPRE Antivirus
Threat.5168392
48236

File size:
564.5 KB (578,000 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\installation.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
9/4/2014 4:42:04 PM

Valid to:
8/25/2015 3:13:46 PM

Subject:
CN=Liniad Media, O=Liniad Media, L=Tel Aviv, C=IL

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B980A0176F0EC

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:/pDu1+KH2r9Vtearcg0be2oYXb8+5OlonOIf2IRg:/tu1dH2ZVt1rcgmx8+5OloOy2l

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9768

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file installation.exe has been seen being distributed by the following URL.

Remove installation.exe - Powered by Reason Core Security