Setup.exe

Secure Download

The file Setup.exe by Secure Download has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser.
Publisher:
Secure Download  (signed and verified)

MD5:
5179eefa926322250c726858582dee17

SHA-1:
02506a4f94b134b9067f1d79ae744002d082d54f

SHA-256:
204bcda5c7460b48c87dd56d8301eeb7d0a94e49b35ae321cec3e66ae0d90f4a

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
11/23/2024 10:06:10 AM UTC

Scan engine             Detection                                                   Engine version
Avira AntiVirus         APPL/Downloader.Gen                                         7.11.202.56
avast!                  Malware-gen                                                 150101-1
Dr.Web                  Threat.Undefined                                            9.0.1.05190
ESET NOD32              Win32/InstallMonetizer.BB potentially unwanted application  7.0.302.0
K7 AntiVirus            Trojan                                                      13.191.14671
Malwarebytes            Riskware.Vmdetector                                         v2015.01.17.02
McAfee                  Artemis!538A619A9221                                        5600.6882
Reason Heuristics       PUP.AVSoftware EOOD.SecureDownload                          15.1.17.14
Rising Antivirus        NS:PUF.SilenceInstaller!1.9DDF                              23.00.65.15115
Sophos                  Generic PUA GJ                                              4.98
Trend Micro House Call  TROJ_GE.9CF377B3                                            7.2.17
VIPRE Antivirus         Threat.4786532                                              36694

File size:
564.8 KB (578,400 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/5/2014 12:00:00 AM

Valid to:
3/5/2015 11:59:59 PM

Subject:
CN=Secure Download, O=Secure Download, STREET=5655 Silver Creek Valley Road, L=San Jose, S=CA, PostalCode=95138, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A163CF1968E65B367055E666115E2F14

File PE Metadata
Compilation timestamp:
12/5/2009 10:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:sXszc+lWp5EdVplMCB4sbpogshbJd5AzVOe+Du7rbJd5A81wVC/f:dzcoeEdXWCmsmgshbJd5AzoeRrbJd5Am

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.7035

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
