home

fl_setup.exe

Fileadventure

This is published and distributed via an Adknowledge's advertising supported (adware) software installer. The application fl_setup.exe, “Swift Installer ” by Fileadventure has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. The file has been seen being downloaded from 32s0jfwi.pn-installer3.com.
Publisher:
Swift Installer   (signed by Fileadventure)

Product:
Swift Installer

Description:
Swift Installer

Version:
2.4.8.1

MD5:
046dd818a55526b2ef3bede1d8f5da7d

SHA-1:
cbb3c8cb0be0207bfd8c55c8aca75164c4763e3e

SHA-256:
de809db43e7d2264b5a6f02d8128fb0d88f611d45a088a7abf74b9eff761dc2b

Scanner detections:
19 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
12/26/2024 12:46:02 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Strictor.71370
6100378

Avira AntiVirus
Adware/iBryte.zline
7.11.193.22

avast!
Win32:Rootkit-gen [Rtk]
141130-1

AVG
Adware AdPlugin
2015.0.3266

Bitdefender
Gen:Variant.Strictor.71370
1.0.20.1715

Comodo Security
Application.Win32.Ibryte.NW
20284

Dr.Web
Trojan.DownLoader11.49526
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Strictor.71370
9.0.0.4668

ESET NOD32
Win32/Adware.iBryte.BR application
7.0.302.0

F-Prot
W32/A-a1a6e5b1
v6.4.7.1.166

G Data
Win32.Adware.IBryte
14.12.24

K7 AntiVirus
Unwanted-Program
13.186.14254

Kaspersky
Trojan.Win32.Buzus
15.0.0.543

Malwarebytes
PUP.Optional.iBryte
v2014.12.09.12

Norman
Gen:Variant.Adware.Strictor.71370
04.12.2014 14:30:06

Panda Antivirus
Trj/Genetic.gen
14.12.09.12

Reason Heuristics
PUP.Installer.Fileadventure.I
14.12.6.21

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

VIPRE Antivirus
Threat.4798837
35418

File size:
331.9 KB (339,832 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) Swift Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\fl_setup.exe

Digital Signature
Signed by:
Fileadventure

Authority:
COMODO CA Limited

Valid from:
7/13/2014 5:00:00 PM

Valid to:
7/14/2015 4:59:59 PM

Subject:
CN=Fileadventure, O=Fileadventure, STREET=4600 Madison Ave FL 10, L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2EF279A57EB2CCFE0FCD97FC0F239ADE

File PE Metadata
Compilation timestamp:
12/3/2014 9:00:34 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:Q5dlWaI3qsdtco9QUGIVC9RMWApKwev17Eblkz25Xg74VBrbQ3k5e8I0UjZ299yc:jP3jzNInMWpw1bH674VBrbQmezZM9jBH

Entry address:
0x185F3

Entry point:
E8, 5A, A7, 00, 00, E9, 78, FE, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 84, A6, 43, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 84, A6, 43, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F...
 
[+]

Entropy:
5.9352

Code size:
184 KB (188,416 bytes)

The file fl_setup.exe has been seen being distributed by the following URL.

http://32s0jfwi.pn-installer3.com/o/.../fl_setup.exe

Remove fl_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.