installation.exe

Installation

The application installation.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from getm.down1209group.info.
Product:
Installation

Version:
1.9.3.0

MD5:
8f11ecf2c786ad4b2311f0b917d12508

SHA-1:
c4a7ab98c30ee394bd945d8e7c3161671eb60d70

SHA-256:
86d25ea3928dc043de1ed6073e531b37cb96fa8dd487d39048be4c3df130c054

Scanner detections:
22 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/25/2024 5:58:48 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.Outbrowse.4
6300826

Agnitum Outpost
PUA.Downloader
7.1.1

Avira AntiVirus
PUA/Softpulse.Gen
3.6.1.96

avast!
OutBrowse-FF [PUP]
150319-1

AVG
Potentially harmful program Downloader.DTF
2014.0.4311

Bitdefender
Gen:Variant.Application.Bundler.Outbrowse.4
1.0.20.445

Dr.Web
infected with Trojan.OutBrowse.109
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.Outbrowse
9.0.0.4799

ESET NOD32
Win32/OutBrowse.BU potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/OutBrowse
3/30/2015

F-Secure
Gen:Variant.Application.Bundler
11.2015-30-03_2

G Data
Gen:Variant.Application.Bundler.Outbrowse
15.3.25

Kaspersky
not-a-virus:Downloader.NSIS.OutBrowse
15.0.0.543

McAfee
Program.Adware-OutBrowse.e
16.8.708.2

MicroWorld eScan
Gen:Variant.Application.Bundler.Outbrowse.4
16.0.0.267

NANO AntiVirus
Trojan.Win32.OutBrowse.dojhzi
0.30.8.659

Quick Heal
Adware.NSIS.OutBrowse.A
3.15.14.00

Sophos
Generic PUA AE
4.98

Trend Micro House Call
TROJ_GE.53B38312
7.2.89

Trend Micro
TROJ_GE.53B38312
10.465.30

Vba32 AntiVirus
AdWare.OutBrowse
3.12.26.3

VIPRE Antivirus
Threat.4150696
38552

File size:
1.1 MB (1,126,039 bytes)

Product version:
1.9.3.0

Copyright:
Installation

Original file name:
Ionic.Zip-2015Feb23-211843-7298d531-fb2e-4449-8c2a-34c819b81de1.exe

File type:
Executable application (Win32 EXE)

Language:
Nezavisno od jezika

Common path:
C:\users\{user}\downloads\installation.exe

File PE Metadata
Compilation timestamp:
2/23/2015 10:18:43 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:/bSaE4mvt/KePhln5bL1Qg7woOAvkildar:/bSv4mv0eJl5dQqwonqr

Entry address:
0x7604E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
464.5 KB (475,648 bytes)

The file installation.exe has been seen being distributed by the following URL.

Remove installation.exe - Powered by Reason Core Security