» trialpay_d2503714.exe
Overview
Analysis
File Details
Downloads (3)

trialpay_d2503714.exe

InstallX, LLC

Part of an InstallX (InstallIQ) installation, a PUP that may bundle additional adware on the computer. The application trialpay_d2503714.exe by InstallX has been detected as adware by 8 anti-malware scanners. The file has been seen being downloaded from dl.installiq.com and multiple other hosts.

File name:

Publisher:

Trial Pay (signed by InstallX, LLC)

Product:

Trial Pay

Description:

trialpay.exe

Version:

2.136.5.0

MD5:

d05df21f6a208f4388f84faf34522509

SHA-1:

0278b66e85d1ca6cb77f24f720d53af528b43137

SHA-256:

cc68c26d5f4968659289c096ba1a26d47631f65a78ee4a75145c542d031b2eb0

Scanner detections:

8 / 68

Status:

Adware

Explanation:

Uses the InstallIQ (by InstallX) software bundler that may include toolbars and other browser extensions offers.

Analysis date:

11/22/2024 4:03:13 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

APPL/InstallIQ.Gen5

7.11.118.118

Comodo Security

Application.Win32.InstallIQ.B

17403

Dr.Web

Adware.W3i.32

9.0.1.0239

ESET NOD32

Win32/InstallIQ (variant)

8.9145

Malwarebytes

PUP.Optional.InstallIQ

v2014.08.27.09

Reason Heuristics

PUP.InstallX.R

14.8.27.21

Trend Micro House Call

TROJ_GEN.F47V1122

7.2.239

VIPRE Antivirus

InstallIQ Installer

24128

File size:

1.9 MB (1,947,216 bytes)

Product version:

2.136.5.0

Trial Pay

Original file name:

trialpay.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\trialpay_d2503714.exe

Digital Signature

Signed by:

InstallX, LLC

Authority:

DigiCert Inc

Valid from:

3/21/2013 8:00:00 PM

Valid to:

3/26/2014 8:00:00 AM

Subject:

CN="InstallX, LLC", O="InstallX, LLC", L=Sartell, S=Minnesota, C=US

Issuer:

CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

030985B5A39F75A13A497DAB8BF611F7

File PE Metadata

Compilation timestamp:

11/20/2013 4:29:26 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:KVSsVw9Ou9dTjoY9cAjc9VgQ5PgoquNrR/7hpOMS7kKpXmEDZ0EWEbTkTi+on2bG:KVNbYqcLO/7hpO5pJDCgbTkTu2b8kK3

Entry address:

0xEEE9

Entry point:

E8, B5, 88, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 38, FE, 57, 00, E8, F1, 47, 00, 00, E8, B9, 6A, 00, 00, 0F, B7, F0, 6A, 02, E8, 48, 88, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, D5, 64, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

6.6921

Code size:

1.2 MB (1,283,584 bytes)

The file trialpay_d2503714.exe has been seen being distributed by the following 3 URLs.

http://dl.installiq.com/.../downloadpop.aspx?shortname=trialpay&a=14004&f=test&subid=U885443220

http://dl.installiq.com/.../downloadpop.aspx?shortname=trialpay&a=14004&f=test&subid=U887808364

http://dl.installiq.com/.../downloadpop.aspx?shortname=trialpay&a=14004&f=test&subid=U880984639

Remove trialpay_d2503714.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.