Clicky

Pages

Tuesday, December 22, 2009

Software informer. Adware / Malware - most likely

Software informer.
This information was sent by a reader. I am posting it here with minimal editions. If you would like to download, test it, and resolve the controversy, the link is below. Thank you for your help.

There seem to be a lot of controversy on whether a Russian made software piece called Software Informer is malware/adware or not. http://aroundsap.blogspot.com/2007/08/remove-software-informer-system.html

I believe it is an adware and must be avoided - like anything associated with RBN. If you search for software updates, you often run into links poisoned by their ads like this
hxxp://aventail-access-manager.software.informer.com/download/
or this
hxxp://camera-assistant-software.software.informer.com/
 
"IP range (208.88.224.0/24) from files.informer.com (IP = 208.88.224.211) is in the RBN block rules.

http://www.emergingthreats.net/rules/emerging-rbn-BLOCK.rules

The domains in this range are not trustworthy
http://www.robtex.com/cnet/208.88.224.html
 


Download the file --> hxxp://files.informer.com/siinst.exe (MD5: f81ccc88fe9c73d54a3bbc72e760265b / Size: 744'538 Bytes)




MScan results and malware references:
http://www.prevx.com/filenames/992203412255399746-X1/SIINST.EXE.html

https://cwsandbox.org/?page=report&analysisid=1880194&password=olrslygvxt

http://anubis.iseclab.org/?action=result&task_id=1a804cba493323ae4d112c322bc862e87&format=html


Virustotal
File siinst.exe received on 2009.12.14 23:41:57 (UTC)

Result: 0/40 (0.00%)
File size: 744538 bytes
MD5 : f81ccc88fe9c73d54a3bbc72e760265b

There are multiple references online calling it adware and spyware.



No comments:

Post a Comment