update_16.exe

Safe Install Software

The application update_16.exe by Safe Install Software has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from files4.fastdownload6.com.
Publisher:
Supersonic Rapid Installation  (signed by Safe Install Software)

Product:
Supersonic Rapid Installation

Version:
21.3.7.865

MD5:
2e8e568238eda391450e9b05c621a422

SHA-1:
feab5bccfe27daa4880a5db8c61f2c652ba69abe

SHA-256:
0f9eb8453ea4af359954393a28a8cd8c945fe68b01a35494ed7b429e8cb707ee

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/26/2024 6:20:20 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.DownloadAdmin.SafeInst.Installer (M)

Engine version:
16.7.14.21

File size:
891.6 KB (913,032 bytes)

Product version:
21.3.7.865

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\update_16.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
11/3/2015 2:05:38 PM

Valid to:
9/6/2016 3:47:46 AM

Subject:
CN=Safe Install Software, O=Safe Install Software, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00E7829E9AC810013E

File PE Metadata
Compilation timestamp:
12/24/2014 4:08:08 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:e1oT40t6sZZw6EJXRqrG1I3wS3xZ2dFao:c0UIZ8B06R8xZ2L3

Entry address:
0x226C

Entry point:
E8, 9F, BD, 00, 00, E9, A2, B6, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 83, EC, 68, 56, 57, 68, D8, 04, 41, 00, FF, 15, 6C, 00, 41, 00, 50, E8, 9A, 5C, 00, 00, 6A, 00, 6A, 00, 6A, 00, 68, 00, 04, 00, 00, 68, 01, 68, 00, 00, B9, 19, 00, 00, 00, BE, 70, 04, 41, 00, 8D, 7C, 24, 20, F3, A5, 68, 80, 00, 00, 00, 68, 04, 80, 00, 00, 6A, 01, 68, 40, 04, 41, 00, 8D, 44, 24, 30, 6A, 64, 50, A4, E8, BC, 9A, 00, 00, 83, C4, 30, 5F, 5E, 84, C0, 75, 0E, FF, 15, 14, 01, 41, 00, 6A, 40, FF, 15, 00, 01, 41, 00, 83...
 

Entropy:
7.9621  (probably packed)

Code size:
56.5 KB (57,856 bytes)

The file update_16.exe has been seen being distributed by the following URL.
