installer.exe

ReSoft LTD.

The application installer.exe by ReSoft has been detected as adware by 5 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from gogeneral.blob.core.windows.net.
Publisher:
ReSoft LTD.  (signed and verified)

MD5:
a9ebafc68d98cee5df79ffe661b170fb

SHA-1:
c0038ff952b73e9d4250c13f2cc446e8385dbc01

SHA-256:
4c1b2cfde6c16108b64a283e11d4b4f133ff24fdd1f7cfbb70351577debb7c14

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
11/27/2024 2:06:23 AM UTC

Scan engine              Detection                Engine version
Dr.Web                   Adware.Downware.1560     9.0.1.0356
Malwarebytes             PUP.Optional.Linkury.A   v2013.12.22.01
Reason Heuristics        PUP.ReSoft.J             14.8.8.0
Trend Micro House Call   TROJ_GEN.F47V1105        7.2.356
VIPRE Antivirus          Adware.Linkury           24574

File size:
10.2 MB (10,706,976 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\installer.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/31/2013 9:00:00 PM

Valid to:
8/1/2015 8:59:59 PM

Subject:
CN=ReSoft LTD., O=ReSoft LTD., STREET=4th Hanevi'im, L=Tel Aviv, S=Israel, PostalCode=64356, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
51FA31336CEC649121E9A908289950D2

File PE Metadata
Compilation timestamp:
10/31/2013 1:06:59 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:BUEsjYOqZakADU91h+RXc5+89fJo+qfn2Uc/GPnRf/IoIOiAR:f1VakADU91h+kBrqfZIoz

Entry address:
0x27B3A

Entry point:
E8, CE, A2, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8D, 45, 14, 50, 6A, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, B2, B0, 00, 00, 83, C4, 14, 5D, C3, E8, D0, 5E, 00, 00, 8B, 48, 6C, 3B, 0D, D8, 08, 45, 00, 74, 10, 8B, 0D, 8C, 06, 45, 00, 85, 48, 70, 75, 05, E8, 8C, 5C, 00, 00, A1, C8, 04, 45, 00, C3, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 0C, 53, 85, C0, 74, 52, 8B, 54, 24, 08, 33, DB, 8A, 5C, 24, 0C, F7, C2, 03, 00, 00, 00, 74, 16, 8A, 0A, 83, C2, 01, 32, CB, 74, 72, 83, E8, 01, 74, 32, F7...
 

Code size:
252 KB (258,048 bytes)

The file installer.exe has been seen being distributed by the following URL.
