javaupdate_setup.exe

File Monarch

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application javaupdate_setup.exe, “Premium Installer ” by File Monarch has been detected as adware by 33 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The installer is marketed through download protals and search ads as the free Oracle Java Runtime but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Premium Installer   (signed by File Monarch)

Product:
Premium Installer

Description:
Premium Installer

Version:
2.4.8.1

MD5:
4335093702a5a579d89fc6df18135d77

SHA-1:
0d688dfa54e0be6c66a9275562d95a03ed357f6f

SHA-256:
d3f8620ba0e56e874cd2e79396a30a68276452a58e44f53a9e4091baab0bb24b

Scanner detections:
33 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/15/2024 12:37:22 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.15
836

Agnitum Outpost
PUA.Downloader
7.1.1

AhnLab V3 Security
PUP/Win32.Bundler
2014.08.31

Avira AntiVirus
Adware/iBryte.bxop
7.11.170.230

avast!
Win32:Adware-gen [Adw]
2014.9-141021

AVG
Adware AdPlugin.ACA
2014.0.4040

Baidu Antivirus
Adware.Win32.iBryte
4.0.3.141021

Bitdefender
Gen:Variant.Application.Bundler.15
1.0.20.1470

Clam AntiVirus
Win.Adware.Ibryte-3427
0.98/21411

Comodo Security
Application.Win32.AgentCV.HWYE
19425

Dr.Web
Trojan.DownLoader11.30617
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.15
14.10.21

ESET NOD32
Win32/AdWare.iBryte.BG application
7.0.302.0

Fortinet FortiGate
Adware/IBryte
10/21/2014

F-Prot
W32/A-34fffba4
v6.4.7.1.166

F-Secure
Gen:Variant.Application.Bundler
11.2014-21-10_3

G Data
Gen:Variant.Application.Bundler.15
14.10.24

IKARUS anti.virus
Trojan.Win32.Badur
t3scan.1.7.8.0

K7 AntiVirus
Unwanted-Program
13.183.13272

Kaspersky
not-a-virus:AdWare.Win32.iBryte
15.0.0.494

Malwarebytes
PUP.Optional.OptimunInstaller
v2014.10.21.04

McAfee
Artemis!A882C139D4C4
5600.6970

MicroWorld eScan
Gen:Variant.Application.Bundler.15
15.0.0.882

NANO AntiVirus
Riskware.Win32.IBryte.dehywl
0.28.2.61861

Norman
IBryte.PDB
11.20141021

nProtect
Trojan-Clicker/W32.iBryte.126328
14.09.03.01

Qihoo 360 Security
Win32/Virus.Adware.cf5
1.0.0.1015

Quick Heal
TrojanDownloader.Badur.A5
10.14.14.00

Reason Heuristics
PUP.Installer.FileMonarch.Q
14.10.21.16

Sophos
Generic PUA HP
4.98

Vba32 AntiVirus
3.12.26.3

VIPRE Antivirus
Optimum Installer
32816

Zillya! Antivirus
Adware.iBryte.Win32.1590
2.0.0.1911

File size:
123.4 KB (126,328 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) Premium Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\javaupdate_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/18/2014 1:00:00 AM

Valid to:
3/19/2015 12:59:59 AM

Subject:
CN=File Monarch, O=File Monarch, STREET="4600 Madison Ave., FL 10", L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E65C750985B066CBB7B485ACF86E58B1

File PE Metadata
Compilation timestamp:
8/28/2014 11:15:14 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:1k0iEVrkP8Aai/Ls4OdFPkMKee/ipWVUe5XXJ1qDrIPSkTCmXqqeIQ2xNwn:10tPTt/LOdCMXrIakTCma2y

Entry address:
0x63B5

Entry point:
E8, 3E, 05, 00, 00, E9, 36, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 18, B2, 40, 00, 89, 0D, 14, B2, 40, 00, 89, 15, 10, B2, 40, 00, 89, 1D, 0C, B2, 40, 00, 89, 35, 08, B2, 40, 00, 89, 3D, 04, B2, 40, 00, 66, 8C, 15, 30, B2, 40, 00, 66, 8C, 0D, 24, B2, 40, 00, 66, 8C, 1D, 00, B2, 40, 00, 66, 8C, 05, FC, B1, 40, 00, 66, 8C, 25, F8, B1, 40, 00, 66, 8C, 2D, F4, B1, 40, 00, 9C, 8F, 05, 28, B2, 40, 00, 8B, 45, 00, A3, 1C, B2, 40, 00, 8B, 45, 04, A3, 20, B2, 40, 00, 8D, 45, 08, A3, 2C, B2, 40...
 
[+]

Code size:
25.5 KB (26,112 bytes)

The file javaupdate_setup.exe has been seen being distributed by the following URL.

Remove javaupdate_setup.exe - Powered by Reason Core Security