installer.exe

ReSoft LTD.

The application installer.exe by ReSoft has been detected as adware by 16 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from gogeneral.blob.core.windows.net.
Publisher:
ReSoft LTD. (signed and verified)

MD5:
8be6aded05c452b05acd9c4aa02a49c1

SHA-1:
0861e73051b6dd9eda251021438d67638375e4ec

SHA-256:
3dafbe0ea971c2ddd8aff6c596ea1ee7903138f9aa263d0b5db084e42887a0b0

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
11/27/2024 2:06:11 AM UTC

Scan engine                Detection                          Engine version
Lavasoft Ad-Aware          Adware.Linkury.B                   872
avast!                     Win32:SmartBar-A [PUP]             2014.9-140915
AVG                                                           2015.0.3474
Bitdefender                Adware.Linkury.B                   1.0.20.1290
Dr.Web                     Trojan.Siggen5.10351               9.0.1.0258
Emsisoft Anti-Malware      Adware.Linkury                     8.14.09.15.01
ESET NOD32                 Win32/Toolbar.Linkury (variant)    8.10269
Fortinet FortiGate         Riskware/Toolbar_Linkury           9/15/2014
G Data                     Adware.Linkury                     14.9.24
MicroWorld eScan           Adware.Linkury.B                   15.0.0.774
NANO AntiVirus             Riskware.Win32.Linkury.ddpups      0.28.2.61519
nProtect                   Adware.Linkury.B                   14.08.17.01
Panda Antivirus            PUP/LinkUry                        14.09.15.01
Reason Heuristics          PUP.ReSoft.J                       14.8.8.1
Trend Micro House Call     TROJ_GEN.F47V0609                  7.2.258
VIPRE Antivirus            Adware.Linkury                     25852

File size:
9.2 MB (9,662,976 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\installer.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/29/2012 8:00:00 PM

Valid to:
7/30/2013 7:59:59 PM

Subject:
CN=ReSoft LTD., O=ReSoft LTD., STREET=4th Hanevi'im, L=Tel Aviv, S=Israel, PostalCode=64356, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7ABDE829D4244ADA77EE42C7A70C0FA3

File PE Metadata
Compilation timestamp:
5/21/2013 12:11:22 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:7USiniQnWR/TdADU91h+RXHrUr3ZOzsXSPz8yJml9hN/:JLQWFdADU91h+h+30AXSQYml9T

Entry address:
0x276A5

Entry point:
E8, A3, A2, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8D, 45, 14, 50, 6A, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 87, B0, 00, 00, 83, C4, 14, 5D, C3, E8, D5, 5E, 00, 00, 8B, 48, 6C, 3B, 0D, D8, 08, 45, 00, 74, 10, 8B, 0D, 8C, 06, 45, 00, 85, 48, 70, 75, 05, E8, 91, 5C, 00, 00, A1, C8, 04, 45, 00, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 0C, 53, 85, C0, 74, 52, 8B, 54, 24, 08, 33, DB, 8A, 5C, 24, 0C, F7, C2, 03, 00, 00, 00, 74, 16, 8A, 0A, 83, C2, 01, 32, CB, 74, 72, 83...

Entropy:
7.9012  (probably packed)

Code size:
251 KB (257,024 bytes)

The file installer.exe has been seen being distributed by the following URL.

Remove installer.exe - Powered by Reason Core Security