java setup.exe

Dukelad

INSTALL MANAGER LIMITED

The installer utilizes the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application java setup.exe, “Dukelad Setup” by INSTALL MANAGER LIMITED, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The installer is marketed through download portals and search ads as the free Oracle Java Runtime but will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
INSTALL MANAGER LIMITED  (signed and verified)

Product:
Dukelad

Description:
Dukelad Setup

Version:
4.6.5.3

MD5:
eb1eaf0e77c3a0bbb7fccb248b45975e

SHA-1:
50fa80655c3470de55b7769e805e696d32e7b434

SHA-256:
5e6d8ab2a0f159766217b1c8fc58e524709067eebe9504ffa859e75ba84c4639

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/5/2024 10:41:16 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
17.3.15.23

File size:
947.2 KB (969,928 bytes)

Product version:
4.2.1

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\java setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/16/2016 8:00:00 PM

Valid to:
3/17/2017 7:59:59 PM

Subject:
CN=INSTALL MANAGER LIMITED, O=INSTALL MANAGER LIMITED, STREET="Level 27, Pwc Tower, 188 Quay Street", L=Auckland, S=Auckland, PostalCode=1010, C=NZ

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FBDBC377785EFBB2B9815C82ABDC98E1

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9340

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file java setup.exe has been seen being distributed by the following URL.

http://www.packagebodyshare.com/zLaLyhf AsmBUGXnW4EpSp3 JPi5aQd36sY3BZYCrTAf1k_VBdYUZNAQVyIm018j_ynU_994pkA1SykskZ ppDdaqf7IhyxRh39AwGZCx1v7IKnDTZ5N6J 0B_dmrNnvq3zaWnkLCkm9j gxet1LngyPQ6bLQPIRT470IlUvIIp Zxk0Md9zvUsP5kL48ec5eSqTLbtyFckwdoUV83KjZPXp3gIyUxbMVDBUp3uNOl9QuppTyrAwRUYn8R nFuUw8WQkNvqR8by OLhtoY9j0zVYK7e7xKgwGtwdyfjfyr95em_jbU0fuiobMCnx5ZFwFU7nhQKN0VsHD02BqgbP94X wkRJg0fkUo3y_nTgW_2HLVLfjIQVuRv8ciXaWVSyyp_tU7BKhg2DCt83pcNJ fBs4Ti8Lp366K3jZ3ibs1KSRThAGWBjR2H0sViX41jJQSK22WiKCnEAZoRw DpGoGvGtcdqLqxgBYnQAP9q5qKBBhcN5 Fouk5Qb RAV3YXreQZVg8KlSxcKVPxCxg30o0isSwfO3ypXnMhDGEGzwO8iP1TaNePmSqP3xrSBV3MNLmMfc4c6hLZKeevpm6W0lDEU7_i4NXVAOuT_ZFUDs6T57QiP61o4I58oKV0M K suoJkJ 0rnXCe4prFtsVlzlYVfgN7O4b5oQhDb68vQccNvQoU=-GzsAAGRwXmwDb5UCoAvxZSCJJLaB3Dim8iubBdzvVqO_rcrjuKE_ofs e1DY3rs1S5s2pooIFQ==
