installer.exe

Linkury

This is part of the Linkury monetization software, a web browser toolbar used to 'hijack' a user's search in order to collect revenues. The application installer.exe by Linkury has been detected as adware by 15 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from gogeneral.blob.core.windows.net.

Publisher: Linkury (signed and verified)

MD5: b958114d97202ada815f3580f5c09348

SHA-1: c3e2eea43263cc610aa91f562ece2b1562012bca

SHA-256: 0b7b189d1e50350087c142a730586950eddf08dd3dc4b46b0c8b287433a696fc

Scanner detections: 15 / 68

Status: Adware

Analysis date: 11/27/2024 1:49:35 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Linkury.B | 960 |
| Agnitum Outpost | PUA.Toolbar.Linkury | 7.1.1 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-140619 |
| Bitdefender | Adware.Linkury.B | 1.0.20.850 |
| Dr.Web | Adware.Linkury.3 | 9.0.1.0170 |
| Emsisoft Anti-Malware | Adware.Linkury | 8.14.06.19.03 |
| ESET NOD32 | Win32/Toolbar.Linkury (variant) | 8.9962 |
| Fortinet FortiGate | Riskware/Toolbar_Linkury | 6/19/2014 |
| G Data | Adware.Linkury | 14.6.24 |
| McAfee | Artemis!B958114D9720 | 5600.7094 |
| MicroWorld eScan | Adware.Linkury.B | 15.0.0.510 |
| Panda Antivirus | PUP/LinkUry | 14.06.19.03 |
| Reason Heuristics | PUP.Linkury.J | 14.8.7.19 |
| Trend Micro House Call | Suspicious_GEN.F47V0612 | 7.2.170 |
| VIPRE Antivirus | Adware.Linkury | 30416 |

File size: 10.5 MB (11,016,472 bytes)

File type: Executable application (Win32 EXE)

Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\software\installer.exe

Digital Signature
Signed by:

Authority: VeriSign, Inc.

Valid from: 4/12/2012 1:00:00 AM

Valid to: 5/12/2015 12:59:59 AM

Subject: CN=Linkury, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Linkury, L=Ramat Gan, S=Israel, C=IL

Issuer: CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number: 77A9B89A06B99100955A838E8BB46FF8

File PE Metadata
Compilation timestamp: 6/11/2014 1:30:01 PM

OS version: 5.1

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 10.0

CTPH (ssdeep): 196608:sK82iCoHPfYGBXIBnNGYldcANGeJX80A+ShiiRT0fkAPxJf6u:fovfYGRZYT5jJG+UiPPJf

Entry address: 0x30596

Entry point:
E8, 1E, AC, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 75, 1D, E8, FA, 1C, 00, 00, 83, 20, 00, E8, DF, 1C, 00, 00, C7, 00, 16, 00, 00, 00, E8, D8, 3F, 00, 00, 83, C8, FF, 5D, C3, FF, 75, 08, FF, 15, 8C, 80, 44, 00, 83, F8, FF, 75, 0F, FF, 15, D4, 80, 44, 00, 50, E8, DB, 1C, 00, 00, 59, EB, DE, F6, 45, 0C, 80, 74, 05, 83, E0, FE, EB, 03, 83, C8, 01, 50, FF, 75, 08, FF, 15, 6C, 81, 44, 00, 85, C0, 74, D5, 33, C0, 5D, C3, 6A, 0C, 68, 20, 29, 45, 00, E8, 9F, 82, 00, 00, 33, C0, 33, F6, 39...

Entropy: 7.9324 (probably packed)

Code size: 284 KB (290,816 bytes)

The file installer.exe has been seen being distributed by the following URL.
