java setup.exe

Cololosec

INSTALL MANAGER LIMITED

The installer uses the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application java setup.exe, “Cololosec Setup” by INSTALL MANAGER LIMITED, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. With this installer, users expect to download the free Oracle Java Runtime, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
INSTALL MANAGER LIMITED  (signed and verified)

Product:
Cololosec

Description:
Cololosec Setup

Version:
4.0.4.5

MD5:
c0470a7e24a7a7d3ed11f87feccac87b

SHA-1:
d20f056895f18b871dc53d6d44f0deb715a48936

SHA-256:
38cb27025e4ee0cab07abc211410d12abc294b4a92f08d839b65bd4d3428591b

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/5/2024 10:36:03 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
17.3.16.10

File size:
948 KB (970,744 bytes)

Product version:
5.5.2

Copyright:
Internet

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\java setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/16/2016 5:00:00 PM

Valid to:
3/17/2017 4:59:59 PM

Subject:
CN=INSTALL MANAGER LIMITED, O=INSTALL MANAGER LIMITED, STREET="Level 27, Pwc Tower, 188 Quay Street", L=Auckland, S=Auckland, PostalCode=1010, C=NZ

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FBDBC377785EFBB2B9815C82ABDC98E1

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9363

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file java setup.exe has been seen being distributed by the following URL.

http://www.appworldvaults.com/Ho6yDMqacnD4o3MX5jhYxSlDLFHHVum66WZ8YVv0NI320iGHDYDOkayf6tqnxMJGHWLUuNA2mVc4PvfjSSYihnbtFSK5kWxj7NYiuMpVp Ydlv2WnnfFhype2xX1nIG9oBJnOIvj2WANuDlcxS2vrPQITHy85ESrelHj9d71n0L1_rvqDz7PXlqoiJrsDmpdB ttHvP moAw lsXqhTsVKoFqA2m8zpfsh3DFYCg_76mEtS9i77fRNh7vZfivSyo7brYu6Y9DE4CKAY3FJF g1jESQDaqoNuFtst94WeA2REkWcUmrivHn4aVTYb 01Bo4aolHVHK6OIILJO3OjkLVXv8gl7 XYvr3uja4m08HPpinFsoBr2dVrXTOewFcjoKXsyPOHkk4IFaKKkAZh4 8nsJDaTMXm7_RS2BW90QRm8Ake ww0Y7poqD5ga5aIoDU_5LUZNtVG0Liht_k 9JlRYOydeEczmTieqZ_3RPsP6YAZPLFTDC5F7EPUU9o_KbyCwo21kvv8KUUq4fXTG6XeBmTvh7otUWdoOEUl9f01iWsTdwpPziS7f_Gbh9qy7HpzDXETudbkWA_b5639UcyerujcUKdr8CRuifx7lWbJWGt0JoZ2nW7rboAaDgfvRVdUjMxSAed8TKsfRll Ymoh0ALQ0mEAXKBA2flrcnM1 jcKczO8=-GzsAAGRwXmwDb5UCoAvxZSCJJLaB3Dim8iubBdzvVqO_rcrjuKE_ofs e1DY3rs1S5s2pooIFQ==
