» unziplite.exe
Overview
Analysis
File Details

unziplite.exe

SafeInstaller

InstallX, LLC

This is the InstallX/InstallIQ download manager and installer that will bundle offers during setup for additional PUPs and other unwanted software. The application unziplite.exe by InstallX has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the InstallIQ Installation Manager installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.

File name:

unziplite.exe

Publisher:

SafeInstall, LLC (signed by InstallX, LLC)

Product:

SafeInstaller

Description:

Safe Installer

Version:

1.0.61.0

MD5:

9efaed1eba4bdd694583b5f8e824f21d

SHA-1:

f1c77e1201dc45a6a99974dd2848133a48c3e285

SHA-256:

ac57f35be0a8ed171dfe41b4a07c7926abd14c65d49d2e5643dad210fbaea624

Scanner detections:

19 / 68

Status:

Adware

Explanation:

Uses the InstallIQ (by InstallX) software bundler that may include toolbars and other browser extensions offers.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

11/23/2024 1:27:27 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Bundler.Graftor.155902

827

AhnLab V3 Security

PUP/Win32.Generic

2014.10.31

Avira AntiVirus

APPL/InstallIQ.Gen4

7.11.182.126

AVG

Adware Generic_r.NT

2014.0.4040

Bitdefender

Gen:Variant.Application.Bundler.Graftor.155902

1.0.20.1520

Comodo Security

Application.Win32.InstallIQ.B

19950

Dr.Web

Threat.Undefined

9.0.1.05190

ESET NOD32

Win32/InstallIQ.A potentially unwanted application

7.0.302.0

F-Secure

Gen:Variant.Application.Bundler

11.2014-31-10_6

G Data

Gen:Variant.Application.Bundler.Graftor.155902

14.10.24

K7 AntiVirus

Unwanted-Program

13.185.13853

Kaspersky

not-a-virus:Downloader.NSIS.Agent

15.0.0.494

Malwarebytes

PUP.Optional.SafeInstall.A

v2014.10.31.03

MicroWorld eScan

Gen:Variant.Application.Bundler.Graftor.155902

15.0.0.912

NANO AntiVirus

Riskware.Win32.Searcher.csnymk

0.28.6.62995

Reason Heuristics

PUP.Installer.InstallX.J

14.10.29.2

Sophos

InstallQ

4.98

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.3

VIPRE Antivirus

Threat.4783689

34232

File size:

1.9 MB (1,991,704 bytes)

Product version:

1.0.61.0

Original file name:

safeinstall.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

InstallIQ Installation Manager

Language:

English (United States)

Digital Signature

Signed by:

InstallX, LLC

Authority:

DigiCert Inc

Valid from:

3/20/2014 7:00:00 PM

Valid to:

4/8/2015 7:00:00 AM

Subject:

CN="InstallX, LLC", O="InstallX, LLC", L=Sartell, S=Minnesota, C=US

Issuer:

CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0F4D188192318D28510FC886CBB855E6

File PE Metadata

Compilation timestamp:

9/10/2014 10:25:18 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:cZsonQHxM3RxxQ4SMix6y6YqEe7RoNHphhIXro5EjV7r7A6Rf+ADStVIlu6+q5wA:Xp6y6bUphmrL7o655DSoIq5B86T1heqr

Entry address:

0x5AC3A

Entry point:

E8, E3, 3B, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, B0, 54, 00, E8, 20, 2C, 00, 00, E8, B0, 3D, 00, 00, 0F, B7, F0, 6A, 02, E8, 76, 3B, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 57, 35, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

7.0529

Code size:

1.1 MB (1,116,672 bytes)

Remove unziplite.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.