linksicle-setup-1.8.1.0.exe

Linksicle

This is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The application linksicle-setup-1.8.1.0.exe by Linksicle has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is typically executed from the user's temporary directory. The file has been seen being downloaded from i.vertitechnologygroup.com.
Publisher:
Linksicle  (signed and verified)

Product:
Linksicle

Description:
Linksicle Setup

Version:
1.8.1.0

MD5:
32cb0224f766befa4b39965dd43984c3

SHA-1:
51c4cd7f14ef5ec1bb3973653a12fd7e24c2d555

SHA-256:
652cfa2dee5a49ca95f2b97daaafdee96deb35a3f6d871d864819900ecf5f265

Scanner detections:
17 / 68

Status:
Adware

Analysis date:
12/24/2024 12:32:24 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.AdPage.A
901

AVG
Generic5
2015.0.3379

Bitdefender
Adware.AdPage.A
1.0.20.1145

Bkav FE
W32.Clodce1.Trojan
1.3.0.4613

Dr.Web
Adware.Plugin.101
9.0.1.0229

Emsisoft Anti-Malware
Adware.AdPage
8.14.08.17.11

ESET NOD32
Win32/AdWare.Vitruvian (variant)
8.9190

Fortinet FortiGate
Riskware/Vitruvian
8/17/2014

F-Secure
Adware.AdPage.A
11.2014-17-08_1

G Data
Adware.AdPage
14.8.22

IKARUS anti.virus
AdWare.AdPage
t3scan.2.2.29

McAfee
Artemis!32CB0224F766
5600.7035

MicroWorld eScan
Adware.AdPage.A
15.0.0.687

nProtect
Adware.AdPage.A
13.12.26.02

Reason Heuristics
PUP.Installer.Linksicle.U
14.8.17.23

Trend Micro House Call
TROJ_GEN.F47V1226
7.2.229

VIPRE Antivirus
Linksicle
24796

File size:
1.5 MB (1,559,536 bytes)

Product version:
1.8.1.0

Copyright:
(c) 2013 Linksicle

Original file name:
linksicle-setup.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\linksicle-setup-1.8.1.0.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
5/15/2013 10:59:47 AM

Valid to:
5/16/2014 10:59:47 AM

Subject:
E=support@linksicle.com, CN=Linksicle, O=Linksicle, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11212949C7E0DD2DAE02FDADCB01A5928F0B

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:PsIzZhlSAIW6gtEjc79p600vQWYxKgUg1gxy0MG67P1GX6JiF:Pll7sWdtWc7Xd04CdgA8kxF

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9276

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file linksicle-setup-1.8.1.0.exe has been seen being distributed by the following URL.
