» ClickOnceSetup.exe
Overview
Analysis
File Details

ClickOnceSetup.exe

Download4windows Downloader

GERYON ADS SL.

The application ClickOnceSetup.exe by GERYON ADS SL has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software.

File name:

ClickOnceSetup.exe

Publisher:

GERYON ADS SL. (signed and verified)

Product:

Download4windows Downloader

Version:

1.0.5.43830

MD5:

b5db44b926b194f2d56ef52b815a0c50

SHA-1:

4c3332817241b8449f42286b4d37e00836bd84a2

SHA-256:

bf53624f8beab467050dccad6183f36c9c2765ffc624725fc261a85d6d4cd0fe

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/25/2024 2:16:51 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.installCore (M)

16.11.16.20

File size:

957.4 KB (980,392 bytes)

Product version:

1.0.5.43830

Original file name:

ClickOnceSetup.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\apps\2.0\j9h7d3mb.wc7\xgkehr4l.lbx\clic..tion_0000000000000000_0001.0000_be707f157ab7a938\clickoncesetup.exe

Digital Signature

Signed by:

GERYON ADS SL.

Authority:

GlobalSign nv-sa

Valid from:

6/23/2015 4:47:17 PM

Valid to:

6/23/2016 4:47:17 PM

Subject:

CN=GERYON ADS SL., O=GERYON ADS SL., L=Barcelona, S=Barcelona, C=ES

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121876A81F90DA17EC052D9EF4E5C681DCD

File PE Metadata

Compilation timestamp:

8/21/2015 4:49:58 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

24576:o6UTlDGeJGHyjCmeEnI/7bXJL8ijv5H8NTpm:ohTlXrmmeHyijuw

Entry address:

0xE785E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.8527

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

918.5 KB (940,544 bytes)

Remove ClickOnceSetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.