setup-sefs.exe

SkypEmoticons

Eli Dahan

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application setup-sefs.exe, “SkypEmoticons Setup” by Eli Dahan, has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the WebPick InstalleRex installer. The file has been seen being downloaded from skypemoticonscomplete.com and multiple other hosts. While running, it connects to the Internet address r1.stylezip.info on port 80 using the HTTP protocol.
Publisher:
Eli Dahan  (signed and verified)

Product:
SkypEmoticons

Description:
SkypEmoticons Setup

MD5:
a062939f6b2f759764d2b9e00857cfdc

SHA-1:
e24d5d3580a37d48bd62bdf261ce3bc5ddb95ea9

SHA-256:
13c51bb1828034648f8ed5856a06925bc4d29aafe40cb1c7971affa56ceb5af3

Scanner detections:
14 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 7:06:33 AM UTC

Scan engine              Detection                      Engine version
Lavasoft Ad-Aware        Trojan.Generic.11479591        876
AhnLab V3 Security       PUP/Win32.InstallRex           2014.07.17
AVG                      Win32/DH                       2015.0.3354
Bitdefender              Trojan.Generic.11479591        1.0.20.1275
Clam AntiVirus           Win.Adware.Eorezo-91           0.98/21411
Emsisoft Anti-Malware    Trojan.Generic.11479591        8.14.09.12.05
F-Secure                 Trojan.Generic.11479591        11.2014-12-09_6
G Data                   Trojan.Generic.11479591        14.9.24
IKARUS anti.virus        PUP.InstallRex                 t3scan.1.6.1.0
McAfee                   Artemis!A062939F6B2F           5600.7010
MicroWorld eScan         Trojan.Generic.11479591        15.0.0.765
Panda Antivirus          PUP/TSUploader                 14.09.12.05
Reason Heuristics        PUP.Installer.EliDahan.K       14.9.12.5
VIPRE Antivirus          Trojan.Win32.Generic           31342

File size:
424.5 KB (434,704 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
WebPick InstalleRex (using Inno Setup)

Common path:
C:\users\{user}\downloads\setup-sefs.exe

Digital Signature
Signed by:
Eli Dahan
Authority:
COMODO CA Limited

Valid from:
6/10/2013 12:00:00 AM

Valid to:
6/10/2014 11:59:59 PM

Subject:
CN=Eli Dahan, O=Eli Dahan, STREET=Halapid 3, L=Ramat Gan, S=Center, PostalCode=52573, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00864002C7281B93C1609931176B93A6AE

File PE Metadata
Compilation timestamp:
6/19/1992 10:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:Z/QiQPET/T6MM5c2/aR8bwCt4bd+NSI5jo49UY94UqTpZ5a6U8i7runjFGdN0FV:RQiGETb6MM5KiVtmdQRl7q3C8pJtV

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file setup-sefs.exe has been seen being distributed by the following 2 URLs.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to r1.stylezip.info  (54.186.255.26:80)

Remove setup-sefs.exe - Powered by Reason Core Security