erwsetup.exe

ePub Reader for Windows

HANSoft, Inc.

The application erwsetup.exe, “ePub Reader for Windows Setup”, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions.
Publisher:
HANSoft, Inc.

Product:
ePub Reader for Windows

Description:
ePub Reader for Windows Setup

MD5:
57e85777b0d4ded74cb8c6df1656bb49

SHA-1:
56fdf7f710cb05632168908a543db6429651dbba

SHA-256:
5febefd3842370ed776dd7f5348358b7366adc3fa4b13cb6fa0981555b7e9cad

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/30/2024 10:06:41 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.RE11 (M)

Engine version:
16.5.3.15

File size:
1.1 MB (1,115,729 bytes)

Product version:
5.4

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\erwsetup.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:CQiKK+/BdLQ0M5fzIKHZrdtM90uX7C7Hq9ml7uh:C90/jL65bp5rT3uXuZU

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file erwsetup.exe has been seen being distributed by the following 19 URLs.

