installer.exe

ReSoft LTD.

The application installer.exe by ReSoft has been detected as adware by 8 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from cdn1.download2desktop.com.
Publisher:
ReSoft LTD.  (signed and verified)

MD5:
c0530144b1ce28ee9f2ed8e33ca313f2

SHA-1:
4fe26c2ab6c79b561d99067539ac83cf7dca9b38

SHA-256:
d2877cb209d188fd8c4e6808602c9e2ba9e09caf814f3a28fc594888d2bcc805

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
12/25/2024 12:10:15 AM UTC  (today)

Scan engine         Detection                          Engine version
avast!              Win32:SmartBar-A [PUP]             2014.9-140728
AVG                 AdInject.Resoft.dropper            2015.0.3399
Dr.Web              Adware.Downware.1560               9.0.1.0209
ESET NOD32          Win32/Toolbar.Linkury (variant)    8.9731
Malwarebytes        PUP.Optional.Linkury.A             v2014.04.13.02
McAfee              Artemis!DE89D8867F1E               5600.7055
Reason Heuristics   PUP.ReSoft.J                       14.8.8.1
VIPRE Antivirus     Adware.Linkury                     26050

File size:
9.9 MB (10,350,112 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\installer.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/1/2013 2:00:00 AM

Valid to:
8/2/2015 1:59:59 AM

Subject:
CN=ReSoft LTD., O=ReSoft LTD., STREET=4th Hanevi'im, L=Tel Aviv, S=Israel, PostalCode=64356, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
51FA31336CEC649121E9A908289950D2

File PE Metadata
Compilation timestamp:
8/7/2013 5:32:50 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:l5CidHseLYUKADU91h+RXDoL+UORjyi1RQLhA6uqCUXgei9:OoM0YUKADU91h+KNORjyi1RQLG74S

Entry address:
0x279FA

Entry point:
E8, CE, A2, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8D, 45, 14, 50, 6A, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 50, B0, 00, 00, 83, C4, 14, 5D, C3, E8, D3, 5E, 00, 00, 8B, 48, 6C, 3B, 0D, D8, 08, 45, 00, 74, 10, 8B, 0D, 8C, 06, 45, 00, 85, 48, 70, 75, 05, E8, 8F, 5C, 00, 00, A1, C8, 04, 45, 00, C3, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 0C, 53, 85, C0, 74, 52, 8B, 54, 24, 08, 33, DB, 8A, 5C, 24, 0C, F7, C2, 03, 00, 00, 00, 74, 16, 8A, 0A, 83, C2, 01, 32, CB, 74, 72, 83, E8, 01, 74, 32, F7...
 

Entropy:
7.9081  (probably packed)

Code size:
252 KB (258,048 bytes)

The file installer.exe has been seen being distributed by the following URL.
