home

openfreely_d161683.exe

InstallIQ Installation Utility

InstallX, LLC

The InstallIQ (InstallX) installation program is a co-bundle stub that devlivers software monetization offers during installation. These offers include web browser toolbars and extensions. The application openfreely_d161683.exe has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the InstallIQ Installation Manager installer, however the file is not signed with an authenticode signature from a trusted source. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from dl2.iq10download.com and multiple other hosts.
Publisher:
InstallX, LLC

Product:
InstallIQ Installation Utility

Version:
2.137.0.0

MD5:
0f2dc5280654df8b7e7565b94f6eeebb

SHA-1:
f4dc0e5c31cdab381650a2989252ac30999beb84

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Uses the InstallIQ (by InstallX) software bundler that may include toolbars and other browser extensions offers.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
11/23/2024 1:16:06 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.InstallIQ.G
1082

AhnLab V3 Security
PUP/Win32.Installiq
2014.02.18

Avira AntiVirus
APPL/InstallIQ.Gen5
7.11.132.60

avast!
Win32:Adware-gen [Adw]
2014.9-140218

Bitdefender
Adware.InstallIQ.G
1.0.20.245

Comodo Security
Application.Win32.InstallIQ.B
17805

Dr.Web
Adware.W3i.32
9.0.1.049

Emsisoft Anti-Malware
Adware.InstallIQ
8.14.02.18.12

ESET NOD32
Win32/InstallIQ (variant)
8.9436

Fortinet FortiGate
Riskware/InstallIQ
2/18/2014

F-Secure
Adware.InstallIQ.G
11.2014-18-02_3

G Data
Adware.InstallIQ
14.2.24

IKARUS anti.virus
AdWare.InstallIQ
t3scan.2.2.29

Malwarebytes
PUP.Optional.InstallIQ
v2014.02.18.12

McAfee
Artemis!0F2DC5280654
5600.7216

MicroWorld eScan
Adware.InstallIQ.G
15.0.0.147

NANO AntiVirus
Trojan.Win32.Searcher.csnymk
0.28.0.57630

nProtect
Adware.InstallIQ.G
14.02.16.01

Reason Heuristics
PUP.Installer.InstallX.S
14.9.30.13

Rising Antivirus
PE:PUF.InstallIQ!1.9E4F
23.00.65.14216

Sophos
InstallQ
4.97

Trend Micro House Call
TROJ_GEN.F47V0116
7.2.49

VIPRE Antivirus
Trojan.Win32.Generic
26576

File size:
1.9 MB (2,038,864 bytes)

Product version:
2.137.0.0

Copyright:
Copyright ©2013 InstallX, LLC. All rights reserved.

Original file name:
InstallIQ.exe

File type:
Executable application (Win64 EXE)

Bundler/Installer:
InstallIQ Installation Manager

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\openfreely_d161683.exe

File PE Metadata
OS bitness:
Win64

The file openfreely_d161683.exe has been seen being distributed by the following 4 URLs.

http://dl2.iq10download.com/dynamic/standard/.../openfreely_d7859079.exe

http://dl2.iq11download.com/dynamic/standard/.../openfreely_d7859079.exe

http://dl.installiq.com/.../getdynamicpath.aspx?shortname=openfreely&a=13312&f=OF-Index&VersionId=-1&key=standarddefault

http://dl.installiq.com/.../downloadpop.aspx?shortname=openfreely&a=13312&f=OF-Index

Remove openfreely_d161683.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.