sfa_inst.exe

Smart File Advisor

Totalpc

The installer uses the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application sfa_inst.exe, “Smart File Advisor Setup” by Totalpc, has been detected as adware by 2 anti-malware scanners. The program is a setup application that uses the installCore installer and is typically executed from the user's temporary directory. The file has been seen being downloaded from www.freewarefiles.com and multiple other hosts.
Publisher:
Filefacts.net (signed by Totalpc)

Product:
Smart File Advisor

Description:
Smart File Advisor Setup

Version:
1.1.2.0

MD5:
deb7b3e0591f2d3b805455a5d3d88b4f

SHA-1:
ee611ff711a1dcfd4b9e41686fe741292dfc39a2

SHA-256:
bbeb8f144ccf91b8906dea17e763a320f8bf9efd9cd1a19c8792035defcd3888

Scanner detections:
2 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 5:14:37 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | MalSign.Generic | 2015.0.3524 |
| Reason Heuristics | PUP.Installer.Totalpc.I | 14.8.8.0 |

File size:
578.7 KB (592,552 bytes)

Product version:
1.1.2

Copyright:
Copyright © 2010-2013 Filefacts.net

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\sfa_inst.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/22/2013 7:00:00 AM

Valid to:
7/23/2014 6:59:59 AM

Subject:
CN=Totalpc, O=Totalpc, STREET=29 Coopers Mill Avenue, STREET=Dundonald, L=Belfast, S=Antrim, PostalCode=BT161WR, C=GB

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C41049E590A85A4E45F8DF4839AFAE52

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:Wna99tND5lL2JnZNHF1/SZ/uRcEkDkfMiztRAdWv/T0uI:Wnab9lanZBSZMcEYLsRpTDI

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...
 

Entropy:
7.9531

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file sfa_inst.exe has been seen being distributed by the following 2 URLs.
