emulesetup.exe

appbundler.com

This is a component of the Pinball ad-supported platform, which may deliver advertisements to the web browser in the form of banner and text ads. The application emulesetup.exe by appbundler.com has been detected as adware by 24 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from origin-ics.fivemillionfriends.com.
Publisher:
appbundler.com  (signed and verified)

Description:
Setup

Version:
3.0.55.0

MD5:
cc804d4a67baf04823ec50aaf7b30798

SHA-1:
829edcfb55d49375accd4f603497a8a886c11305

SHA-256:
2d26137bb7d546fb1c2f84336fb7a4fda76f260d867b5d84fc5dafc61cbb9d40

Scanner detections:
24 / 68

Status:
Adware

Analysis date:
11/5/2024 4:40:43 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Adware/Win32.ScreenSaver | 2012.04.03 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.26.220 |
| avast! | Win32:Zango-AQ [PUP] | 2014.9-150601 |
| AVG | Zango | 2016.0.3091 |
| Bitdefender | Gen:Variant.Adware.Graftor.17662 | 1.0.20.760 |
| Comodo Security | Application.Win32.Hotbar.IA | 11981 |
| Dr.Web | Adware.Hotbar.700 | 9.0.1.0152 |
| Emsisoft Anti-Malware | Win32.SuspectCrc!IK | 8.15.06.01.03 |
| ESET NOD32 | Win32/Adware.HotBar (variant) | 9.7022 |
| Fortinet FortiGate | Adware/Hotbar | 6/1/2015 |
| F-Prot | W32/HotBar.O2.gen | v6.4.6.5.141 |
| F-Secure | Gen:Variant.Adware.Graftor.17662 | 11.2015-01-06_2 |
| G Data | Gen:Variant.Adware.Graftor.17662 | 15.6.22 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.1.118.0 |
| K7 AntiVirus | Adware | 13.135.6575 |
| Kaspersky | not-a-virus:AdWare.Win32.ScreenSaver | 14.0.0.1952 |
| McAfee | Adware-HotBar.d | 5600.6747 |
| Microsoft Security Essentials | Adware:Win32/Hotbar | 1.163.1557.0 |
| Norman | W32/180Solutions.BSE | 11.20150601 |
| Quick Heal | Adware.Hotbar.AZ4 | 6.15.12.00 |
| Reason Heuristics | PUP.Pinball.Installer | 15.6.1.15 |
| Sophos | ClickPotato Installer | 4.73 TP |
| Vba32 AntiVirus | AdWare.ScreenSaver.e | 3.12.16.4 |
| VIPRE Antivirus | Pinball Corporation. | 11744 |

File size:
308.2 KB (315,568 bytes)

Product version:
3.0.55.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\emulesetup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/21/2010 7:00:00 PM

Valid to:
12/21/2012 6:59:59 PM

Subject:
CN=appbundler.com, OU=Ops, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=appbundler.com, L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
05E671753CF9BB1D76A8C55652892720

File PE Metadata
Compilation timestamp:
2/23/2012 10:34:25 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:9+MI9IlUFh5dw5Lk+o8JRYN0bu0f1gQD7jUUcfeNRY:MMI9SUFv65Lto8JRYebuY1/vdcfeN6

Entry address:
0xB4C70

Entry point:
60, BE, 00, B0, 46, 00, 8D, BE, 00, 60, F9, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Entropy:
7.8895

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
296 KB (303,104 bytes)

The file emulesetup.exe has been seen being distributed by the following URL.
