quicktime setup.exe

Fubager

Install Safer (Install Manager Limited)

The application quicktime setup.exe, “Fubager Setup” by Install Safer (Install Manager Limited), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.capitalcycletown.com.

Publisher:
Install Safer (Install Manager Limited)

Product:
Fubager

Description:
Fubager Setup

Version:
5.2.5.2

MD5:
83532335ba56bbc1dd6a4a39936e775b

SHA-1:
de48bc946d63566bb40a20505f197ebc56e3c227

SHA-256:
f6ef88673138d3bcab482095855f4900a0de207fbe82d31000a71fe7a5ab2ee1

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/16/2024 5:44:47 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.Installer (M)

Engine version:
17.3.15.1

File size:
947 KB (969,760 bytes)

Product version:
5.5

Copyright:
Program installer

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\quicktime setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/17/2016 8:00:00 PM

Valid to:
5/18/2017 7:59:59 PM

Subject:
CN=Install Safer (Install Manager Limited), O=Install Safer (Install Manager Limited), STREET="Level 27, 188 Quay Street", STREET=Pwc Tower, L=Auckland, S=Auckland, PostalCode=1010, C=NZ

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3DFEAF63B1841C27FF7F4E168B93D45D

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9348

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file quicktime setup.exe has been seen being distributed by the following URL.

http://www.capitalcycletown.com/XYYCdZk_CQK0lRNkh5itnHOiioKQt_V0tgecINz1O_jTm_mZoZD_RNIvJW1ypzhDeCGVV2Yjp JLMm F8Qy8E7SHAkcKXM9uThxkLjm163yDrXNWjDjoaw89Mk61cQUPECpe39Yqdo4SjtCX2qo7WIO8DnxSqGtMLwESg2QYrHM_2ko3HzEZ576LFNLTpEufkLqvUjAyP g2X1X_EfAQK Hg0FZaVg==-G3kAAGRwXkyTKhQfuqmTIz0Q_0HbwcIwDAAjzG0MxxbEEmzW_X3vJxHjDR4bpl7nGhI3ybQRtQfCjACqJMaFhsCaZsRHtCREIBXBgEvrgTGWAeVdJFQwywhGlQvzV1mvmqzmhM3fAA==
