premiumgenerator.exe

Setup Factory Runtime

Dey yazilim ve internet hizmetleri san. tic. ltd. sti.

The application premiumgenerator.exe, “Setup Application” by Dey yazilim ve internet hizmetleri san. tic. ltd. sti., has been detected as adware by 2 of 68 anti-malware scanners: one generic detection (AVG, Skodna.Generic_c) and one PUP installer heuristic (Reason Heuristics, PUP.Installer.Amonitize). The program is a setup application built with the Setup Factory installer (the Indigo Rose Setup Factory runtime; original file name suf_launch.exe). The file has been seen being downloaded from popi.tv and multiple other hosts. It carries a COMODO code-signing certificate issued to the same company, whose validity window (2/26/2013 to 2/27/2014) had expired well before the analysis date; whether the signature is timestamp-countersigned, which is what would keep it verifiable after expiry, is not shown in this entry.
Product:
Setup Factory Runtime

Description:
Setup Application

Version:
9.1.0.0

MD5:
b3774ef1482750af521920c00a04eaff

SHA-1:
f80e1b16ba2043e8a4364d255651fd9d960cc56f

SHA-256:
49b222d8592aa1867ee3dfd6f9e8659c9e49f529718d41a50d4072396c30bd4d

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
12/24/2024 1:08:39 PM UTC

Scan engine          Detection                  Engine version
AVG                  Skodna.Generic_c           2015.0.3475
Reason Heuristics    PUP.Installer.Amonitize    15.2.14.11

File size:
2.9 MB (3,030,312 bytes)

Product version:
9.1.0.0

Copyright:
Setup Engine Copyright © 2004-2012 Indigo Rose Corporation

Trademarks:
Setup Factory is a trademark of Indigo Rose Corporation.

Original file name:
suf_launch.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\downloads\premiumgenerator.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/26/2013 2:00:00 AM

Valid to:
2/27/2014 1:59:59 AM

Subject:
CN=Dey yazilim ve internet hizmetleri san. tic. ltd. sti., O=Dey yazilim ve internet hizmetleri san. tic. ltd. sti., STREET=kuloglu mah alyon gecidi sok, STREET=beyoglu, L=istanbul, S=istanbul, PostalCode=34433, C=TR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AA9B511464EAA0A58485815A3C6628FC

File PE Metadata
Compilation timestamp:
6/14/2012 7:16:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:KShySkASzCNzcvi57bxUxw2d6uIccOBq7xGLF8VpYavgp/R61eb3MtVKGLj:hqBQzcahitd6uxcy6xGLAvgp/Q1eb8t9

Entry address:
0x29E1

Entry point:
E8, A6, 1D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 56, 57, 33, F6, BF, C8, AB, 40, 00, 83, 3C, F5, 54, A0, 40, 00, 01, 75, 1D, 8D, 04, F5, 50, A0, 40, 00, 89, 38, 68, A0, 0F, 00, 00, FF, 30, 83, C7, 18, FF, 15, C0, 70, 40, 00, 85, C0, 74, 0C, 46, 83, FE, 24, 7C, D3, 33, C0, 40, 5F, 5E, C3, 83, 24, F5, 50, A0, 40, 00, 00, 33, C0, EB, F1, 8B, FF, 53, 8B, 1D, C4, 70, 40, 00, 56, BE, 50, A0, 40, 00, 57, 8B, 3E, 85, FF, 74, 13, 83, 7E, 04, 01, 74, 0D, 57, FF, D3, 57, E8, 18, FD, FF, FF, 83, 26, 00, 59, 83, C6, 08...

Code size:
22 KB (22,528 bytes)
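As an added check (example code written for this page, not the page's own tooling or the vendor's), the script below recomputes the MD5, SHA-1 and SHA-256 listed above for a local file, reads the PE header fields this entry reports (compilation timestamp, linker version, OS version, subsystem, entry address, code size) using only the standard library, and tests whether the signing certificate's validity window still covered the analysis date. Because the real sample is not included, `build_sample_pe()` constructs a minimal PE header populated with the entry's values; it assumes the listed compilation timestamp is UTC (the page states UTC only for the analysis date) and is not the real premiumgenerator.exe, so its hashes deliberately do not match the page's.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Hashes exactly as published in the entry above.
PAGE_HASHES = {
    "md5": "b3774ef1482750af521920c00a04eaff",
    "sha1": "f80e1b16ba2043e8a4364d255651fd9d960cc56f",
    "sha256": "49b222d8592aa1867ee3dfd6f9e8659c9e49f529718d41a50d4072396c30bd4d",
}

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    """Lowercase hex digests for the three algorithms the entry lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_page_hashes(data: bytes) -> bool:
    """True only if all three digests agree; one mismatch means a different file."""
    return file_hashes(data) == PAGE_HASHES


def parse_pe_metadata(data: bytes) -> dict:
    """Read the COFF/optional-header fields the entry reports.

    The offsets used are the same for PE32 (magic 0x10B) and PE32+ (0x20B),
    so both layouts are handled; bitness is derived from the magic.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, _nsect, timestamp, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%X" % magic)
    major_linker, minor_linker = struct.unpack_from("<BB", data, opt + 2)
    (size_of_code,) = struct.unpack_from("<I", data, opt + 4)
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    major_os, minor_os = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "bitness": "Win32" if magic == 0x10B else "Win64",
        "compile_timestamp": timestamp,
        "compile_time_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "linker_version": "%d.%d" % (major_linker, minor_linker),
        "os_version": "%d.%d" % (major_os, minor_os),
        "subsystem": SUBSYSTEMS.get(subsystem, "unknown (%d)" % subsystem),
        "entry_address": entry_rva,
        "code_size": size_of_code,
    }


def signature_window_covers(valid_from: str, valid_to: str, checked_at: str) -> bool:
    """Whether the certificate window (dates in the page's format) covered checked_at.

    False does not by itself void an Authenticode signature: a trusted timestamp
    countersignature from inside the window keeps it verifiable after expiry.
    """
    fmt = "%m/%d/%Y %I:%M:%S %p"
    start, end, at = (datetime.strptime(s, fmt) for s in (valid_from, valid_to, checked_at))
    return start <= at <= end


def build_sample_pe() -> bytes:
    """Constructed stub (not the real sample): DOS header, PE signature, COFF
    header and PE32 optional header carrying the values this entry reports."""
    dos = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew -> right after DOS header
    stamp = int(datetime(2012, 6, 14, 19, 16, 10, tzinfo=timezone.utc).timestamp())  # assumed UTC
    coff = struct.pack("<HHIIIHH", 0x14C, 0, stamp, 0, 0, 224, 0x0102)  # i386, 224-byte PE32 opt hdr
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 10, 0)        # PE32 magic, linker 10.0
    struct.pack_into("<I", opt, 4, 22528)                  # SizeOfCode
    struct.pack_into("<I", opt, 16, 0x29E1)                # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 1)                 # OS version 5.1
    struct.pack_into("<H", opt, 68, 2)                     # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    sample = build_sample_pe()
    print("hashes match page:", matches_page_hashes(sample))  # stub, so False
    for key, value in parse_pe_metadata(sample).items():
        print("%-18s %s" % (key, value))
    print("cert valid on analysis date:", signature_window_covers(
        "2/26/2013 2:00:00 AM", "2/27/2014 1:59:59 AM", "12/24/2024 1:08:39 PM"))
```

To check a real download, read the file and pass its bytes to `matches_page_hashes` and `parse_pe_metadata`; agreement on all three digests confirms you hold the artifact the scanners saw, and the parsed fields should reproduce the PE metadata above. The certificate window ending 2/27/2014 does not settle the signature's status: run `signtool verify /pa /v` or PowerShell's `Get-AuthenticodeSignature` on the file to see whether a timestamp countersignature keeps it valid before drawing conclusions from the signer name.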

The file premiumgenerator.exe has been seen being distributed by the following 2 URLs.

Remove premiumgenerator.exe - Powered by Reason Core Security