java_setup.exe

Software generic

Download Clever

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application java_setup.exe, “Software generic Setup ” by Download Clever has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The installer is marketed through download protals and search ads as the free Oracle Java Runtime but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Web   (signed by Download Clever)

Product:
Software generic

Description:
Software generic Setup

Version:
3.0.3.3

MD5:
dff1c0fd2c474966c7122799714d8226

SHA-1:
7acf34d6f6ca2f339075f85e7ac63ee7d459f4fb

SHA-256:
766ff6c865601d2a2097e2779d02a9e5317cf3647937f33d65546097a7571119

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 5:47:13 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore (M)
16.10.17.23

File size:
761.2 KB (779,504 bytes)

Product version:
2.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\java_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/3/2015 1:00:00 AM

Valid to:
2/3/2017 12:59:59 AM

Subject:
CN=Download Clever, O=Download Clever, STREET="500 Westover Dr. #6502", L=Sanford, S=NC, PostalCode=27330, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
48A953CDE52F438F756EE99DFE7211AE

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:LxQameYzkIYx3ic++AvQpVhXax131SXdTpNvK1JJfPUMXuZ0n2rWP4x92EvsGZky:LxQH/OxP++ASLax1lSLwDJ0MR2KPaUdO

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

Remove java_setup.exe - Powered by Reason Core Security