quickref-setup-1.10.0.13.exe

QUICKREF

This is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The application quickref-setup-1.10.0.13.exe by QUICKREF has been detected as adware by 31 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d1ygmp29grtwmt.cloudfront.net.
Publisher:
Quick Ref  (signed by QUICKREF)

Product:
Quick Ref

Description:
Quick Ref Setup

Version:
1.10.0.13

MD5:
d51a731800340f5a6c7309788f249f11

SHA-1:
e7102a6b94a53ed65e7d2e8385c6e3236f8b2db2

SHA-256:
06cff4e520032aafaba8adf046c9e714bb18ebb8223d94be5166fe88906811a9

Scanner detections:
31 / 68

Status:
Adware

Analysis date:
1/12/2025 5:17:20 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.Vitruvian.J | 6051259
Agnitum Outpost | PUA.Vitruvian | 7.1.1
AhnLab V3 Security | PUP/Win32.Vitruvian | 2015.05.02
avast! | GenMaliciousA-EHE [Adw] | 150423-1
AVG | Adware Generic6.YZA | 2014.0.4311
Baidu Antivirus | Adware.Win32.Vitruvian | 4.0.3.1558
Bitdefender | Adware.Vitruvian.J | 1.0.20.640
Bkav FE | W32.HfsAdware | 1.3.0.6379
Comodo Security | ApplicUnwnt | 21962
Dr.Web | Adware.Plugin.274 | 9.0.1.05190
Emsisoft Anti-Malware | Adware.Vitruvian | 9.0.0.4799
ESET NOD32 | Win64/NetFilter.A potentially unsafe (variant) | 9.11563
Fortinet FortiGate | Adware/Vitruvian | 5/8/2015
F-Secure | Adware.Vitruvian.J | 5.13.68
G Data | Adware.Vitruvian | 15.5.25
IKARUS anti.virus | PUA.Vitruvian | t3scan.1.8.9.0
K7 AntiVirus | Riskware | 13.203.15778
Kaspersky | not-a-virus:AdWare.Win32.Vitruvian | 15.0.0.543
McAfee | Trojan.Artemis!D51A73180034 | 17.6.569.0
MicroWorld eScan | Adware.Vitruvian.J | 16.0.0.384
NANO AntiVirus | Riskware.Win64.Vitruvian.dqauiv | 0.30.24.1357
nProtect | Adware.Vitruvian.J | 15.04.30.01
Panda Antivirus | Trj/CI.A | 15.05.08.11
Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.InfoAtoms.Installer | 15.5.8.11
Sophos | Generic PUA FK | 4.98
Trend Micro House Call | TROJ_GEN.R0EBC0EDN15 | 7.2.128
Trend Micro | TROJ_GEN.R0EBC0EDN15 | 10.465.08
Vba32 AntiVirus | AdWare.Vitruvian | 3.12.26.3
VIPRE Antivirus | Threat.5064803 | 39676
Zillya! Antivirus | Backdoor.CPEX.Win32.30054 | 2.0.0.2164

File size:
1013.7 KB (1,038,056 bytes)

Product version:
1.10.0.13

Copyright:
(c) 2014 Quick Ref

Original file name:
quickref-setup.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\quickref-setup-1.10.0.13.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
9/4/2014 7:50:56 PM

Valid to:
9/4/2016 7:50:56 PM

Subject:
E=Support@quickrefapp.com, CN=QUICKREF, O=QUICKREF, L=Dover, S=DE, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11219B2E795F5F7739842A0C0B7E7F9F1A08

File PE Metadata
Compilation timestamp:
12/5/2009 10:52:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:lUgmplkJaTD3fJck58I+5jSEkExg2sIGbM5Agw9LEEvbY:vmpl2wDvSs8hjSh92szM5twlzY

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.7943

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file quickref-setup-1.10.0.13.exe has been seen being distributed by the following URL.
