Reason Labs

greetingcardcreator.exe

SafeInstaller

SecureInstall, LLC

This is the InstallX/InstallIQ download manager and installer that will bundle offers during setup for additional PUPs and other unwanted software. The application greetingcardcreator.exe by SecureInstall has been detected as PUP.InstallX. The program is a setup application that uses the InstallIQ Installation Manager installer. While the file was signed by an authenticode digital signature, the signature was either corrupt or invalid.
Publisher:
SafeInstall, LLC  (signed with an invalid signature)

Product:
SafeInstaller

Description:
Safe Installer

Version:
1.0.52.0

MD5:
f338f42f4889b8dfb7a0c8fd2a9c79ad

SHA-1:
db53e8cd2ac9488f4216f0a04dc214a999ccca4b

SHA-256:
92e0d348b75bd728b83ee693fdc11a840b7ffcdf1bb1e87d348712bad7754bba

Detection:
PUP.InstallX

Risk:
Medium

Explanation:
This is the InstallX/InstallIQ download manager and installer that will bundle offers during setup for additional PUPs and other unwanted software.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/15/2018 11:04:09 PM UTC  (a few moments ago)

File size:
1.9 MB (1,979,768 bytes)

Product version:
1.0.52.0

Copyright:
Copyright (C) 2014

Original file name:
safeinstall.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallIQ Installation Manager

Language:
English (United States)

Common path:
C:\users\{user}\downloads\greetingcardcreator.exe

Digital Signature
Warning:
The subject's certificate was revoked

Authority:
DigiCert Inc

Valid from:
11/18/2013 6:00:00 PM

Valid to:
11/24/2014 6:00:00 AM

Subject:
CN="SecureInstall, LLC", O="SecureInstall, LLC", L=Sartell, S=Minnesota, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
073E5B30FA98352DDA4DA1FD7215A72F

File PE Metadata
Compilation timestamp:
7/11/2014 10:02:44 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x58EBA

Entry point:
E8, E3, 3B, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 68, 69, 54, 00, E8, 20, 2C, 00, 00, E8, B0, 3D, 00, 00, 0F, B7, F0, 6A, 02, E8, 76, 3B, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 57, 35, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
7.0545

Characteristics:
0x259

Code size:
1.1 MB (1,103,360 bytes)

There are 3 known versions of greetingcardcreator.exe by SafeInstall, LLC.

PUP.InstallX
greetingcardcreator.exe  1.0.49.0  (7d49d8e61682a63cb8726f531005e5396677736a)

PUP.InstallX.SecureIn.Installer
greetingcardcreator.exe  1.0.29.0  (bbf0d0b552f14fed4e48c89a761438dc028549f1)

PUP.InstallX
greetingcardcreator.exe  1.0.27.1  (a44e4e2337f107c0cb9a6108503785337f685ec6)

PUP.SecureInstall.Installer
vioplayerv.exe  (59001896e3a2702db39527e13ef8c9803da154b0)

PUP.SecureInstall.Installer
nuancepdf.exe  (63355a33f0cfd1b7f2246a2aaa8cd7ae90efb166)

PUP.SecureInstall.Installer
471547.exe  (a615d1cc2881d74750dfade7656e2e5d33f6576d)

PUP.SecureInstall.Installer
mediaplayer.exe  (40c4b8956b72bdf6764e2a98f8b4390bd34e2e37)

PUP.SecureInstall.Installer
flvinstaller.exe  (222e73b291c4ef50416b2e5f280812a29de5e5e3)

PUP.SecureInstall.Installer
7zip.exe  (fd78d5fda642b45290c608adaf8d06ae30d0d6c4)

PUP.SecureInstall.Installer
musicoasis.exe  (168761ba87fb7804f3102030da034d4d156fa279)

PUP.SecureInstall.Installer
mplayer.exe  (f0b7c7a139cf907a361e0a9d3ae4cee76a1f1d19)

PUP.SecureInstall.Installer
setupv.exe  (8334b6f3642702ac72f61e4f3799b079c16ed4f8)

PUP.SecureInstall.Installer
mediaclassic.exe  (eab1aeadb04f6b0584802830e42c49c5563e10d5)

PUP.SecureInstall.Installer
setup.exe  (cb02293fa9181dbd5dd9dfa9f8791c75c429f4da)

PUP.SecureInstall.Installer
applianflv.exe  (1fe0aa38862f79afcb13791ceb53ba9ff4799bf4)

PUP.SecureInstall.Installer
expertpdf7_7223.exe  (9501b99557cf642a723f4f0360e85ea98fdd9159)

PUP.SecureInstall.Installer
filewhiz.exe  (8f04693eb7eeba691170e6daee0b072bcf0c277d)

Download Reason Core Security - Powerful anti-malware software