csetup.exe

Installer

OOO Kod-Intertainment

The application csetup.exe by OOO Kod-Intertainment has been detected as a potentially unwanted program by 1 of 68 anti-malware scanners (Reason Heuristics), which rates the file as a potential threat. It is a self-extracting archive and installer that is known to bundle potentially unwanted software: the setup program delivers adware offers through Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager, and the offers presented are selected according to the PC's geo-location at install time. The file carries a valid Authenticode signature issued to OOO Kod-Intertainment by COMODO; a valid signature establishes who signed the file, not that its behaviour is benign.
Publisher:
OOO Kod-Intertainment  (signed and verified)

Product:
Installer

Version:
1.0.0.0

MD5:
7f5d6d1dc76e4acc163d7ba9330b9154

SHA-1:
25338d5e8d4c08e399bdca318fde6a2c58f66716

SHA-256:
c177280a3c0892aa309797ad929bb9c531e67131d7fb61cbaf51e3d439c8af08
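
The file size and the three digests above are the identifiers a responder uses to decide whether a file found on a host is this exact sample. The following Python script is an added example, not part of this report or of any Reason Core Security tooling; it hashes a file in one streaming pass, compares every indicator against the values listed on this page, and returns a per-field result plus an overall verdict, so a partial agreement (a transcription error, or a size that merely coincides) is surfaced instead of silently counted as a hit. The `b"abc"` input used to exercise it is constructed and is not the sample.

```python
import hashlib

# Indicators copied from the report above for csetup.exe.
REPORT_INDICATORS = {
    "size": 353_872,
    "md5": "7f5d6d1dc76e4acc163d7ba9330b9154",
    "sha1": "25338d5e8d4c08e399bdca318fde6a2c58f66716",
    "sha256": "c177280a3c0892aa309797ad929bb9c531e67131d7fb61cbaf51e3d439c8af08",
}
ALGORITHMS = ("md5", "sha1", "sha256")


def hash_stream(chunks) -> dict:
    """Hash an iterable of byte chunks in a single pass; returns size plus hex digests."""
    size = 0
    digests = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        size += len(chunk)
        for d in digests.values():
            d.update(chunk)
    out = {name: d.hexdigest() for name, d in digests.items()}
    out["size"] = size
    return out


def hash_bytes(data: bytes) -> dict:
    """Convenience wrapper for an in-memory file (constructed test input goes through here)."""
    return hash_stream([data])


def hash_file(path, chunk_size=1 << 20) -> dict:
    """Streams the file so a large sample never has to fit in memory at once."""
    with open(path, "rb") as fh:
        return hash_stream(iter(lambda: fh.read(chunk_size), b""))


def compare_to_report(observed: dict, report: dict = REPORT_INDICATORS) -> dict:
    """Field-by-field comparison. Digests compare case-insensitively so hashes
    copy-pasted from tools that print upper-case hex still match."""
    result = {}
    for key, expected in report.items():
        got = observed.get(key)
        if isinstance(expected, str):
            result[key] = isinstance(got, str) and got.lower() == expected.lower()
        else:
            result[key] = got == expected
    return result


def verdict(comparison: dict) -> str:
    """'match' when every indicator agrees, 'mismatch' when none do, otherwise
    'partial': a digest disagreeing while another agrees means a transcription
    error somewhere and needs a human look, not an automatic decision."""
    flags = list(comparison.values())
    if all(flags):
        return "match"
    if not any(flags):
        return "mismatch"
    return "partial"


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        comparison = compare_to_report(hash_file(path))
        print(path, verdict(comparison), comparison)
```

Run it as `python triage_hash.py C:\Users\<user>\Downloads\csetup.exe` (the script name is arbitrary). Note that the ssdeep value listed further down is a fuzzy hash and is not covered here; exact digests answer "is this the same file", while ssdeep answers "is this a near variant", which needs the ssdeep library rather than hashlib.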

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 11:10:29 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonetize.OOOKodIn.Installer (M)

Engine version:
16.6.10.21

File size:
345.6 KB (353,872 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\csetup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/5/2016 4:00:00 AM

Valid to:
2/5/2017 3:59:59 AM

Subject:
CN=OOO Kod-Intertainment, O=OOO Kod-Intertainment, STREET="d. 9 str. 1 of. 36, Sukharevski M. per.", L=Moscow, S=Moscow, PostalCode=127051, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CC0E842B9BEC5B956C956FBCB6FC721B

File PE Metadata
Compilation timestamp:
4/5/2016 1:48:57 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:6EqCtAhUvkiaVbKYTtbuIFZYQWHHMmiH6xZtxcsxTcjAYKBH1uovS8cqY+nKpWoX:63CtGUiVbKYJF2QU9fXtemTcjn01uovo

Entry address:
0x5514E

Entry point:
FF 25 00 20 40 00, followed by zero padding (listing truncated). FF 25 is an indirect jmp through the absolute address 0x00402000, that is image base 0x400000 plus RVA 0x2000: the import address table slot through which the loader stub of a .NET PE32 executable reaches _CorExeMain in mscoree.dll. This is consistent with the ".NET CLR dependent: Yes" and "Visual C# / Basic .NET" fields below.

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
332.5 KB (340,480 bytes)

The file csetup.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)
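
The two hosts above are the network indicators a SOC would sweep proxy logs for. The script below is an added example written for this page, not tooling from the report; it matches each log line on the registrable domain (so `updates.ibbalance.com` hits but `softologic.com.evil.example` does not) and separately on the destination address, and records which of the two fired. The proxy log lines it runs over are constructed for the example and are not observations from the report.

```python
from urllib.parse import urlsplit

# Network indicators copied from the report above.
IOC_DOMAINS = {"www.softologic.com", "www.ibbalance.com"}
IOC_IPS = {"174.37.181.31", "173.192.190.227"}


def registrable(name: str) -> str:
    """Drop a leading 'www.' so the indicator covers the whole host family."""
    name = name.lower().rstrip(".")
    return name[4:] if name.startswith("www.") else name


BASE_DOMAINS = {registrable(d) for d in IOC_DOMAINS}


def host_matches(host: str):
    """Return the matching base domain, or None. Only the exact name or a child
    label counts: 'softologic.com.evil.example' must not match 'softologic.com'."""
    host = host.lower().rstrip(".")
    for base in BASE_DOMAINS:
        if host == base or host.endswith("." + base):
            return base
    return None


def host_from_target(method: str, target: str) -> str:
    """Proxy logs record CONNECT targets as host:port and other methods as full URLs."""
    if method.upper() == "CONNECT":
        return target.rsplit(":", 1)[0]
    return urlsplit(target).hostname or ""


# Constructed proxy log lines (not from the report):
# <timestamp> <client> <method> <target> <dest_ip> <status>
SAMPLE_PROXY_LOG = """\
2024-12-27T23:10:31Z 10.1.4.22 GET http://www.softologic.com/offers/get?geo=US 174.37.181.31 200
2024-12-27T23:10:32Z 10.1.4.22 CONNECT www.ibbalance.com:443 173.192.190.227 200
2024-12-27T23:10:40Z 10.1.4.23 GET http://cdn.example.net/index.html 93.184.216.34 200
2024-12-27T23:11:02Z 10.1.4.24 GET http://softologic.com.evil.example/ 198.51.100.7 200
2024-12-27T23:11:09Z 10.1.4.25 CONNECT updates.ibbalance.com:443 173.192.190.227 200
"""


def scan_proxy_log(text: str) -> list:
    """Return one hit per matching line with the client and the reasons that fired."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 6:
            continue  # malformed or truncated line; skip rather than guess
        _, client, method, target, dest_ip, _ = fields[:6]
        reasons = []
        base = host_matches(host_from_target(method, target))
        if base:
            reasons.append("domain:" + base)
        if dest_ip in IOC_IPS:
            reasons.append("ip:" + dest_ip)
        if reasons:
            hits.append({"line": lineno, "client": client, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(hit)
```

Treat the domain match as the primary signal: hosting addresses are reassigned over time, so an IP-only hit observed long after the analysis date above may belong to an unrelated tenant, while a domain-only hit (the host resolving elsewhere) still ties the client to the distribution infrastructure.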

Remove csetup.exe - Powered by Reason Core Security