home

PreInstallValidator.exe

PreInstallValidator

Adknowledge

This is published and distributed via an Adknowledge's advertising supported (adware) software installer. The application PreInstallValidator.exe has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer, however the file is not signed with an authenticode signature from a trusted source. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from install.browsersafeguard.com.
Publisher:
Adknowledge

Product:
PreInstallValidator

Version:
1.0.0.0

MD5:
5138a11848b046d2f5131487f1e8ea8f

SHA-1:
10fb97f4620cf8a35815ae3ca0682a7980dd0828

SHA-256:
e068d8d9f9dae873ec78bd5a88df561893c18b1df6200a958a864c34d27e0a3d

Scanner detections:
13 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/13/2025 2:27:40 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Generic.657222
1126

Bitdefender
Adware.Generic.657222
1.0.20.25

Bkav FE
W32.Clod2bc.Trojan
1.3.0.4613

Dr.Web
Adware.Bho.4004
9.0.1.0355

Emsisoft Anti-Malware
Adware.Generic.657222
8.14.01.05.04

Fortinet FortiGate
Adware/Fam.NB
1/5/2014

F-Secure
Adware.Generic.657222
11.2014-05-01_1

G Data
Adware.Generic.657222
14.1.22

K7 AntiVirus
Riskware
13.175.10735

MicroWorld eScan
Adware.Generic.657222
15.0.0.15

Reason Heuristics
PUP.Adknowledge.T
14.3.2.16

Sophos
Mal/MSIL-BA
4.96

Trend Micro House Call
TROJ_GEN.R047H08LG13
7.2.355

File size:
41 KB (41,984 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Adknowledge 2013

Original file name:
PreInstallValidator.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\preinstallvalidator.exe

File PE Metadata
Compilation timestamp:
12/13/2013 3:10:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:zm3PVGQPdMzSq8L1iVBM0prPNkmkvy/bpg5FAthBB2i8MzPVSc:y3PkE+zz8L1iVBMerPN12DAX8MzPx

Entry address:
0xB99E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00...
 
[+]

Entropy:
5.6509

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
38.5 KB (39,424 bytes)

The file PreInstallValidator.exe has been seen being distributed by the following URL.

http://install.browsersafeguard.com/.../preinstallvalidator.exe

Remove PreInstallValidator.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.