etypesetup.exe

eType Setup Application

DSNR Media Group

The application etypesetup.exe by DSNR Media Group has been detected as adware by 3 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software, and it is typically executed from the user's temporary directory. The file has been seen downloaded from landing.etype.com and multiple other hosts.

Publisher:
DSNR Media Group (signed and verified)

Product:
eType Setup Application

Version:
2.1.0.10

MD5:
52849f70972f30fd3b61b525141fac90

SHA-1:
69a95df095fb764977b72cdcfe021513da43aa77

SHA-256:
e91a2c74625598ed27f439e5deba0c6e053051663b166dd210b4c26891a6ef73

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
11/24/2024 12:20:28 AM UTC

Scan engine | Detection | Engine version
Dr.Web | Tool.InstallToolbar.117 | 9.0.1.0357
ESET NOD32 | Win32/Toolbar.eType | 8.9236
Reason Heuristics | PUP.Installer.DSNRMediaGroup.K | 14.8.7.23

File size:
457.8 KB (468,808 bytes)

Product version:
2.1.0.10

Copyright:
© 2010-2013 DSNR Media Innovations. All rights reserved.

Original file name:
eTypeSet.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\etypesetup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/4/2013 1:00:00 AM

Valid to:
2/5/2014 12:59:59 AM

Subject:
CN=DSNR Media Group, OU=IT, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=DSNR Media Group, L=Raanana, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
728AB12B430CC198ECD6CC4C4790F216

File PE Metadata
Compilation timestamp:
2/26/2013 4:16:16 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:EBStsTBTJwyuSqKxZW7UHkygXTJ2g/P3kI3XBjqIASze1ovsk:EDT3u5KxZWYHkPXTwEMI3XowAovl

Entry address:
0x23E3A

Entry point:
E8, 5E, B4, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 00, BE, 44, 00, E8, E0, 50, 00, 00, E8, B9, 27, 00, 00, 0F, B7, F0, 6A, 02, E8, F1, B3, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, C1, 5C, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
241.5 KB (247,296 bytes)

The file etypesetup.exe has been seen distributed from the following 11 URLs.

http://landing.etype.com/Home/.../Index

http://landing.etype.com/Home/Down/?s=DMGS&token=0000890544cbcac744f7480c2e568f9a1e8e2&t=1&page=http://landing.etype.com/.../En

http://landing.etype.com/Home/.../En

http://dl-vip.appstore.baidu.co.th/.../eTypeSetup.exe

http://landing.etype.com/Home/.../Sp
