installer.exe

SmileFiles Installer

Webitar Production Inc

The application installer.exe by Webitar Production Inc has been detected as adware by 25 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.download.express-files.com.
Publisher:
http://smile-files.com  (signed by Webitar Production Inc)

Product:
SmileFiles Installer

Version:
1, 0, 524, 1

MD5:
8cfce3b381e524325441c8fcc6822be3

SHA-1:
2c616c18206e105cb86683dfb8162ac194f57205

SHA-256:
52574e62d874e6a8fba81392ec9f1d0d5ac714fe9b345b8669bd1e18f5c07357

Scanner detections:
25 / 68

Status:
Adware

Analysis date:
12/27/2024 7:49:45 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.ExpressDownloader.2
359

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.Bundler
2015.06.14

Avira AntiVirus
APPL/ExpressDown.blo
8.3.1.6

avast!
Win32:Adware-gen [Adw]
2014.9-160211

AVG
Adware Generic_r
2017.0.2837

Bitdefender
Gen:Variant.Application.Bundler.ExpressDownloader.2
1.0.20.210

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Trojan.Agent-859137
0.98/21511

Comodo Security
Application.Win32.ExpressDown.ZMIL
22441

Dr.Web
Adware.Downware.10330, Adware.Downware.9713
9.0.1.042

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.ExpressDownloader
8.16.02.11.07

ESET NOD32
Win32/ExpressDownloader.K potentially unwanted application
10.7.0.302.0

F-Secure
Riskware.Gen:Variant.Application.Bundler
11.2016-11-02_5

G Data
Gen:Variant.Application.Bundler.ExpressDownloader
16.2.25

IKARUS anti.virus
AdWare.Expressdownloader
t3scan.1.9.5.0

K7 AntiVirus
Trojan
13.205.16235

Malwarebytes
PUP.Optional.SmileFiles.A
v2016.02.11.07

MicroWorld eScan
Gen:Variant.Application.Bundler.ExpressDownloader.2
17.0.0.126

Norman
Gen:Variant.Application.Bundler.ExpressDownloader.2
11.20160211

Panda Antivirus
Trj/Genetic.gen
16.02.11.07

Reason Heuristics
PUP.WebitarProduction.Installer (M)
16.2.11.7

Sophos
PUA 'Smile Files Downloader' (of type Adware)
5.15

VIPRE Antivirus
Threat.4150696
40830

Zillya! Antivirus
Trojan.Black.Win32.26184
2.0.0.2222

File size:
3.2 MB (3,303,632 bytes)

Product version:
1.0.0.1

Copyright:
Copyright http://smile-files.com (C) 2014

Original file name:
SmileFiles.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\installer.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
11/11/2014 4:00:00 AM

Valid to:
11/15/2017 4:00:00 PM

Subject:
CN=Webitar Production Inc, O=Webitar Production Inc, L=Mahe, C=SC

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0F9F8704E151CAFCFEFEECFBBA733C63

File PE Metadata
Compilation timestamp:
3/10/2015 1:11:18 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:WtTWGn4+kF6uoPRkIYyxQKdM7taUSxjX5tfvgUHQpEbO3Ng9J2nZZgQuyD:A5n3VQKytvo5tAUHzaMJ20Quw

Entry address:
0x1A7EAC

Entry point:
9C, 9C, 60, C7, 44, 24, 24, 72, 4A, FB, 77, 60, C6, 44, 24, 08, B9, C7, 44, 24, 40, 11, A2, 4B, 93, 88, 64, 24, 08, 88, 2C, 24, 8D, 64, 24, 40, E9, 07, 45, 2B, 00, 32, FA, 95, 09, 23, C4, 7C, 97, DA, 67, F8, B6, 94, 78, 4A, 2E, 50, E5, E7, BB, 89, 51, F8, 00, 42, 1A, 6B, 58, D2, A2, 9E, D4, C4, 74, 04, B2, 2B, C6, 1C, 89, FA, 06, C2, 36, 76, C0, 9C, E7, 36, 20, ED, AF, EB, 95, 13, 4E, 7C, 14, 36, FA, C8, B8, B0, E0, D6, FF, ED, 09, 6F, 7E, 66, 59, A0, 98, 5E, AF, FC, 4B, 4C, 89, 41, 83, 4F, 7B, A1, AF, 95...
 
[+]

Entropy:
7.9940  (probably packed)

Code size:
782 KB (800,768 bytes)

The file installer.exe has been seen being distributed by the following URL.

Remove installer.exe - Powered by Reason Core Security