vrootv1.7.3_setup.exe

Install Beta

This is published and distributed via an Adknowledge's advertising supported (adware) software installer. The application vrootv1.7.3_setup.exe, “Swift Installer ” by Install Beta has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Adknowledge Fusion installer. The file has been seen being downloaded from secure.10-pn-installer.com.
Publisher:
Swift Installer   (signed by Install Beta)

Product:
Swift Installer

Description:
Swift Installer

Version:
2.4.8.1

MD5:
80b21b6574892501a4a7cd6c846aebcf

SHA-1:
59b4e2f8e5d6632c7d2621a7cd2d95ba69894755

SHA-256:
bad92cad5b37973c301ce4dc15f81974476e878d75c952bf23d4172f8786c598

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/25/2024 4:25:30 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Adknowledge (M)
17.2.25.14

File size:
560.9 KB (574,328 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) 2013 Swift Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\vrootv1.7.3_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/23/2014 10:00:00 PM

Valid to:
3/24/2015 9:59:59 PM

Subject:
CN=Install Beta, O=Install Beta, STREET="4600 Madison Ave, 10th FL", L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009A48736EA8E3F31268B7C9D99C833A71

File PE Metadata
Compilation timestamp:
1/15/2015 8:00:24 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x251F1

Entry point:
E8, 9E, AD, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 64, 94, 44, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 78, 90, 44, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63...
 
[+]

Entropy:
5.7543

Code size:
286 KB (292,864 bytes)

The file vrootv1.7.3_setup.exe has been seen being distributed by the following URL.

http://secure.10-pn-installer.com/o/.../VRootv1.7.3_Setup.exe

Remove vrootv1.7.3_setup.exe - Powered by Reason Core Security