Setup.exe

SecureInstaller

SecureInstall, LLC

Part of an InstallX (InstallIQ) installation, a PUP that may bundle additional adware on the computer. The file Setup.exe by SecureInstall has been detected as adware by 12 anti-malware scanners. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from track.cmllk1.info and multiple other hosts.
Publisher:
SecureInstall, LLC  (signed and verified)

Product:
SecureInstaller

Description:
Secure Installer

Version:
1.0.25.0

MD5:
74e443d9117d94260389f3d6c6457180

SHA-1:
8de2a0d4e3c91006b02e3a0e5eae88c398973d14

SHA-256:
4be94d974e06c49188f8e0de41d81ad90c20984c760923fe21e9023b05276633

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Uses the InstallIQ (by InstallX) software bundler, which may include offers for toolbars and other browser extensions.

Analysis date:
12/24/2024 1:07:40 PM UTC  (today)

Scan engine | Detection | Engine version
AVG | MultiBundle | 2015.0.3329
Dr.Web | Adware.Downware.2512 | 9.0.1.0279
ESET NOD32 | Win32/InstallIQ (variant) | 8.9740
G Data | Win32.Application.InstallIQ | 14.10.24
Malwarebytes | PUP.Optional.InstallIQ | v2014.10.06.05
McAfee | Artemis!74E443D9117D | 5600.6985
NANO AntiVirus | Riskware.Win32.Searcher.csnymk | 0.28.0.59608
Reason Heuristics | PUP.Installer.SecureInstall.CC | 14.10.6.17
Rising Antivirus | PE:PUF.InstallIQ!1.9E4F | 23.00.65.141004
Sophos | InstallQ | 4.98
Trend Micro House Call | TROJ_GEN.F47V0110 | 7.2.279
VIPRE Antivirus | InstallIQ Installer | 28712

File size:
1.5 MB (1,612,392 bytes)

Product version:
1.0.25.0

Copyright:
Copyright (C) 2014

Original file name:
secureinstall.exe

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
11/18/2013 4:00:00 PM

Valid to:
11/24/2014 4:00:00 AM

Subject:
CN="SecureInstall, LLC", O="SecureInstall, LLC", L=Sartell, S=Minnesota, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
073E5B30FA98352DDA4DA1FD7215A72F

File PE Metadata
Compilation timestamp:
1/10/2014 6:47:46 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:c5f6MGJ5ZdaGLIX5EbPIny9HbPz1gEU7VrCMn94F16Su6/Rqc2BU1ioTSOHTTZ/r:I665EdRhkeu4fHu6LwU1i0HT9+mf14M

Entry address:
0x47F5D

Entry point:
E8, F0, 3A, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 28, 63, 51, 00, E8, 2D, 2B, 00, 00, E8, BD, 3C, 00, 00, 0F, B7, F0, 6A, 02, E8, 83, 3A, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 64, 34, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.9527

Code size:
923 KB (945,152 bytes)

The file Setup.exe has been seen being distributed by the following 7 URLs.

http://track.cmllk1.info/aff_c?offer_id=18&aff_id=10608&aff_sub=newlock-
