cartoonizer.exe

Setup Factory Runtime

The application cartoonizer.exe, “Setup Application”, has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the Setup Factory installer; however, the file is not signed with an Authenticode signature from a trusted source. The program will display context-specific advertisements in the browser and attempt to modify the browser's search provider. The file has been seen being downloaded from push.clping.com.
Product:
Setup Factory Runtime

Description:
Setup Application

Version:
9.0.4.0

MD5:
296fc5f4123ad0183419483a3b1b3ac8

SHA-1:
b73dd3d9ad433167ae6bcb3749baac257707a139

SHA-256:
4571a89b3ba255719fb24db902cf429b2f63913f73f11be4e312849adad4dde2

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
12/25/2024 1:18:34 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Clam AntiVirus | Win.Trojan.Generickd-4331 | 0.98/21270 |
| ESET NOD32 | Win32/Toolbar.Babylon potentially unwanted application | 7.0.302.0 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.801 |
| VIPRE Antivirus | Threat.4150696 | 46456 |

File size:
4.5 MB (4,715,522 bytes)

Product version:
9.0.4.0

Copyright:
Setup Engine Copyright © 2004-2012 Indigo Rose Corporation

Trademarks:
Setup Factory is a trademark of Indigo Rose Corporation.

Original file name:
suf_launch.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\downloads\cartoonizer.exe

File PE Metadata
Compilation timestamp:
12/16/2011 5:06:40 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:2YRVffkDbJ9Dld6uxcn1tk82UK6sdpN9+bAtBYgtMwcFPUQvM7btR2hIgd6:2YRKDNRj6uGn1todXwktRLcpUQvM7xM2

Entry address:
0x29E1

Entry point:
E8, A6, 1D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 56, 57, 33, F6, BF, C8, AB, 40, 00, 83, 3C, F5, 54, A0, 40, 00, 01, 75, 1D, 8D, 04, F5, 50, A0, 40, 00, 89, 38, 68, A0, 0F, 00, 00, FF, 30, 83, C7, 18, FF, 15, C0, 70, 40, 00, 85, C0, 74, 0C, 46, 83, FE, 24, 7C, D3, 33, C0, 40, 5F, 5E, C3, 83, 24, F5, 50, A0, 40, 00, 00, 33, C0, EB, F1, 8B, FF, 53, 8B, 1D, C4, 70, 40, 00, 56, BE, 50, A0, 40, 00, 57, 8B, 3E, 85, FF, 74, 13, 83, 7E, 04, 01, 74, 0D, 57, FF, D3, 57, E8, 18, FD, FF, FF, 83, 26, 00, 59, 83, C6, 08...

Code size:
22 KB (22,528 bytes)

The file cartoonizer.exe has been seen being distributed by the following URL.
