taskinst19.exe

Search Safer Inc.

The application taskinst19.exe by Search Safer has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the Nullsoft Scriptable Install System installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from d18okb3pa33axu.cloudfront.net.
Publisher:
Search Safer Inc.  (signed and verified)

MD5:
994fe71a131a72effadf42db678c2770

SHA-1:
1dcb53fb9494ad4a8af22c0a60a735f9ce7bf834

SHA-256:
390d5fda294ffee2c72b0acbefa178456f8b6d7c1e956f37a0668495f54ac137

Scanner detections:
10 / 68

Status:
Adware

Analysis date:
11/24/2024 12:56:35 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Malware-gen
2014.9-131225

AVG
MalSign.SeSafer
2015.0.3599

Bkav FE
W32.Clod067.Trojan
1.3.0.4613

Dr.Web
Trojan.KillProc.30581
9.0.1.09

ESET NOD32
Win32/ChatZum
7.9291

G Data
Win32.Trojan.Agent.1W0YUY
13.12.24

McAfee
Artemis!994FE71A131A
5600.7255

Norman
Suspicious_Gen4.FQDGE
11.20140115

Reason Heuristics
PUP.SearchSafer.K
14.8.8.0

XVirus List
Win32.Detected
2.8.8

File size:
84 KB (85,992 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\taskinst19.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
12/3/2012 4:00:00 PM

Valid to:
2/10/2016 4:00:00 AM

Subject:
CN=Search Safer Inc., O=Search Safer Inc., L=San Francisco, S=California, C=US, PostalCode=94107, STREET=665 3rd st, STREET=suite 150, SERIALNUMBER=5189473, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization

Issuer:
CN=DigiCert EV Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0403B9226C3448CDB32080CC686AB22C

File PE Metadata
Compilation timestamp:
12/5/2009 2:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:JfYBrbzmFizYwUK1G0DRXJ0Cfcxf2u6x1flG7lO/Ei3AV0xYpp:VY4FizYxCDRXJ0CyObxxlG7lQEk2pp

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.5619

Code size:
23.5 KB (24,064 bytes)

The file taskinst19.exe has been seen being distributed by the following URL.

Remove taskinst19.exe - Powered by Reason Core Security