javasetup.exe

Patop

ConnectorBeam (New Media Holdings Ltd.)

The application javasetup.exe, “Patop Setup” by ConnectorBeam (New Media Holdings), has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The installer is marketed through download portals and search ads as the free Oracle Java Runtime, but it will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:

Product:
Patop

Description:
Patop Setup

Version:
2.4.5.8

MD5:
ce4a7f78a122cb631e0bc601df83cf0a

SHA-1:
6d3f16543aaf1c89c86a5d937308bfe3282bb028

SHA-256:
71cd7268493c7a5bd4d63da9d2e9905ac8fb9a2e5deb62f4fd8ab4fbaa135942

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/24/2024 8:41:56 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.NewMedia.NMH (M)

Engine version:
17.3.14.3

File size:
1.2 MB (1,264,520 bytes)

Product version:
1.3

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\javasetup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/15/2016 8:11:14 PM

Valid to:
5/23/2017 10:32:04 PM

Subject:
CN=ConnectorBeam (New Media Holdings Ltd.), O=ConnectorBeam (New Media Holdings Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11212D71259ED669D28D6D8FBB7A7C0C6F79

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 63, BB, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9845

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file javasetup.exe has been seen being distributed by the following URL.

http://www.hostcentralconcepts.com/ZyXqKxDoJZUxc7HcsGYbaltjQZ3hzq_QOjTcLrP31fpozbjctos zaPNWp87_qI22UrZDziumujQztv9I xqi4qLFTdTd1tL7wClwULDYmkMxatwBzA_KMpQU9LCR58Jo5PYxbWDIJjaGqg0 nAyjF7VZhRRCi6WOcy047W9ExdMW7IbdQzRmpl7JgyJjzqdIGaQVJseOQQxKO0YJudbxtz7YFVxU5ZD jFvKSwNAKQw6gKdQh9xewqQqUNOge1rsTssEBYi9h4B4k7NiXXncM3 Xy5_umKz0wY4Nebv5yvjdwRcIYQkIcA7gpNkXG5j3lWgSHcU26vzb cwu9YpGI2fD48ssj0CvCkTur HkQ6GZ eoVC0bjtbYiJwoy52wRuncysA1sRx58rUzwYp068QXsGQxEmOSP48iABSx11r37TTudM1zhGO0PloAM_PjGatOg fydQSx7PR_q5wFlS7HNZ5F84gaMX0 zDh41fMGDRTsYn99tn9LxDNYjmWTGibtymenH0sEsH1QSSJa8AhTOGvvK PHHBn0jSZfktmJnivqF7urA_m_fmaHMJ5ch5g3bOD moKuH6LxQRFZQ5a6UYdi14pbgSUK1V_uXm_X9Q2QRtXkmG49eDxcn11rAjr5sMogTG5LJj ipmj4P5mEfpxtHwmj_aaa5RRasgabVGSittGUGEeBKnurbaDsz wsChUG2V3I8aBWYmYuMopIljltHbcQoMYDaAj gzjpKY1MqDsna3vzGYPzzvDOIFBzEBrDxRDby4STLRJKr7nNkYP2s5fFgzqYjYke3hPPQuuB7QhN3EZmJ_amo4pKwSSHEi6-GzYAAORtm0vBUfhuqMOwiEKKuhCBClpIbmBKjV90oj0x9Ry3RRAq jbgJCL4CsgBL1zx wI=
