» java setup.exe
Overview
Analysis
File Details
Downloads (1)

java setup.exe

Dukelad

INSTALL MANAGER LIMITED

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application java setup.exe, “Dukelad Setup ” by INSTALL MANAGER LIMITED has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The installer is marketed through download protals and search ads as the free Oracle Java Runtime but will also install additional software offers which include adware, PUPs and browser toolbars.

File name:

java setup.exe

Publisher:

INSTALL MANAGER LIMITED (signed and verified)

Product:

Dukelad

Description:

Dukelad Setup

Version:

4.6.5.3

MD5:

eb1eaf0e77c3a0bbb7fccb248b45975e

SHA-1:

50fa80655c3470de55b7769e805e696d32e7b434

SHA-256:

5e6d8ab2a0f159766217b1c8fc58e524709067eebe9504ffa859e75ba84c4639

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

11/30/2024 12:54:37 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.installCore (M)

17.3.15.23

File size:

947.2 KB (969,928 bytes)

Product version:

4.2.1

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\java setup.exe

Digital Signature

Signed by:

INSTALL MANAGER LIMITED

Authority:

COMODO CA Limited

Valid from:

3/16/2016 8:00:00 PM

Valid to:

3/17/2017 7:59:59 PM

Subject:

CN=INSTALL MANAGER LIMITED, O=INSTALL MANAGER LIMITED, STREET="Level 27, Pwc Tower, 188 Quay Street", L=Auckland, S=Auckland, PostalCode=1010, C=NZ

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00FBDBC377785EFBB2B9815C82ABDC98E1

File PE Metadata

Compilation timestamp:

6/19/1992 6:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Entropy:

7.9340

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file java setup.exe has been seen being distributed by the following URL.

http://www.packagebodyshare.com/zLaLyhf AsmBUGXnW4EpSp3 JPi5aQd36sY3BZYCrTAf1k_VBdYUZNAQVyIm018j_ynU_994pkA1SykskZ ppDdaqf7IhyxRh39AwGZCx1v7IKnDTZ5N6J 0B_dmrNnvq3zaWnkLCkm9j gxet1LngyPQ6bLQPIRT470IlUvIIp Zxk0Md9zvUsP5kL48ec5eSqTLbtyFckwdoUV83KjZPXp3gIyUxbMVDBUp3uNOl9QuppTyrAwRUYn8R nFuUw8WQkNvqR8by OLhtoY9j0zVYK7e7xKgwGtwdyfjfyr95em_jbU0fuiobMCnx5ZFwFU7nhQKN0VsHD02BqgbP94X wkRJg0fkUo3y_nTgW_2HLVLfjIQVuRv8ciXaWVSyyp_tU7BKhg2DCt83pcNJ fBs4Ti8Lp366K3jZ3ibs1KSRThAGWBjR2H0sViX41jJQSK22WiKCnEAZoRw DpGoGvGtcdqLqxgBYnQAP9q5qKBBhcN5 Fouk5Qb RAV3YXreQZVg8KlSxcKVPxCxg30o0isSwfO3ypXnMhDGEGzwO8iP1TaNePmSqP3xrSBV3MNLmMfc4c6hLZKeevpm6W0lDEU7_i4NXVAOuT_ZFUDs6T57QiP61o4I58oKV0M K suoJkJ 0rnXCe4prFtsVlzlYVfgN7O4b5oQhDb68vQccNvQoU=-GzsAAGRwXmwDb5UCoAvxZSCJJLaB3Dim8iubBdzvVqO_rcrjuKE_ofs e1DY3rs1S5s2pooIFQ==

Remove java setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.