setup.exe

Setup

Artua Vladislav

This is a WebPick installer that bundles, with very minimal user consent, a number of adware browser extensions which inject ads into the browser. The application setup.exe by Artua Vladislav has been detected as adware by 23 of 68 anti-malware scanners. The program is a setup application that uses the WebPick InstalleRex installer. The file has been seen being downloaded from premiumsoft.info. While running, it connects to the Internet address r1.stylezip.info on TCP port 80 using HTTP.
Publisher:
Premium (signed by Artua Vladislav)

Product:
Setup

Description:
Installer

Version:
2011.10.27.1607

MD5:
5f4f4fdd3003f7759288a8a19d0f58f7

SHA-1:
06fbbbab8c3efeac9a9488c1994b3d7c29d33f03

SHA-256:
cf1a6f1b0ecf93a283638befa7f24b79732156bec02186d5f40054259fe87373

Scanner detections:
23 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
1/9/2025 8:02:32 AM UTC

Scan engine             Detection                                            Engine version
Agnitum Outpost         Riskware.InstallMate                                 7.1.1
Avira AntiVirus         TR/Kazy.33482.16                                     7.11.30.172
avast!                  Win32:InstallMate-CJ [PUP]                           2014.9-151115
AVG                     Adware Agent.E                                       2016.0.2925
Bkav FE                 HW32.CDB                                             1.3.0.4959
Clam AntiVirus          Trojan.Agent-286502                                  0.98/19749
Comodo Security         Application.Win32.Bundledz.C                         18723
Dr.Web                  Adware.Downware.97, Adware.Siggen.21581              9.0.1.0319
ESET NOD32              Win32/InstallMate potentially unwanted application   9.7.0.302.0
F-Prot                  W32/InstallRex.C                                     v6.4.6.5.141
IKARUS anti.virus       AdWare.Allpremiumsoft                                t3scan.1.6.1.0
K7 AntiVirus            Backdoor                                             13.177.12095
McAfee                  Trojan.Artemis!7CEFFC506F5C                          5600.6581
NANO AntiVirus          Riskware.Win32.Downware.cvbrbc                       0.28.0.60577
Panda Antivirus         PUP/TSUploader                                       15.11.15.08
Qihoo 360 Security      Malware.QVM20.Gen                                    1.0.0.1015
Quick Heal              PUA.Artuavladi.Gen                                   11.15.14.00
Reason Heuristics       PUP.WebPick.ArtuaVladislav.Bundler (M)               15.11.15.8
Rising Antivirus        PE:Trojan.Dropper!6.12F0                             23.00.65.151113
Sophos                  PUA 'InstallRex'                                     58
SUPERAntiSpyware        Trojan.Agent/Gen-Comisproc                           9506
Trend Micro House Call  TROJ_DIGI_0000008.TOMA                               7.2.319
VIPRE Antivirus         Threat.4753027                                       29708

File size:
232.1 KB (237,624 bytes)

Product version:
1.0

Copyright:
Copyright © 2010 Premium

File type:
Executable application (Win32 EXE)

Bundler/Installer:
WebPick InstalleRex

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
Artua Vladislav
Authority:
The USERTRUST Network

Valid from:
3/14/2011 8:00:00 PM

Valid to:
3/14/2012 7:59:59 PM

Subject:
CN=Artua Vladislav, O=Artua Vladislav, STREET=haRav Dangur 22, L=Bnei Braq, S=Israel, PostalCode=51281, C=IL

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
302242B18FB354EA399140DBBA22B786

File PE Metadata
Compilation timestamp:
10/24/2011 3:20:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:GVdHl5i0Mm6aQc6UeI77KVgS/wnjhHFpG4b3H:GVdR16TBUJKVgk4jhGmH

Entry address:
0x14AE

Entry point:
55, 8B, EC, 81, EC, 24, 0A, 00, 00, 53, 56, 33, F6, 57, 66, 89, B5, DC, F5, FF, FF, 89, 75, F4, 89, 75, FC, FF, 15, 68, 30, 40, 00, A3, 00, 40, 40, 00, FF, 15, 64, 30, 40, 00, 89, 45, F8, 68, 04, 01, 00, 00, 8D, 85, EC, FD, FF, FF, 50, 56, FF, 15, 60, 30, 40, 00, 85, C0, 75, 22, FF, 15, 5C, 30, 40, 00, 50, 68, B8, 33, 40, 00, E8, 77, FB, FF, FF, 59, 59, C7, 05, 04, 40, 40, 00, FF, 00, 00, 00, E9, F7, 01, 00, 00, 56, FF, 15, 58, 30, 40, 00, 8B, 48, 3C, 03, C8, 66, 81, 38, 4D, 5A, 0F, 85, BC, 01, 00, 00, 81...

Entropy:
7.9395

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)
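The report lists the static PE fields above but not how they are obtained. The following is an added Python example, not Reason Core Security's tooling, that reproduces them with the standard library: it walks the PE32 headers, maps the entry-point RVA to a file offset so the first bytes at the entry point can be read, computes the hashes and Shannon entropy, and measures the overlay (bytes past the last section). The PE it builds for the offline run is a constructed stand-in carrying the report's entry address, linker version, code size and prologue bytes, not setup.exe itself, and the compile timestamp is treated as UTC, which the report does not state.

```python
"""Static PE triage: hashes, entropy, entry-point bytes, linker version, compile
time and overlay size, standard library only. Added example, not Reason Core
Security's tooling; build_sample_pe() is a constructed stand-in for setup.exe."""
import datetime
import hashlib
import math
import struct


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant stream, 8.0 for uniform bytes. A whole-file
    value near 8 with only a few KB of code means mostly compressed/encrypted payload."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Minimal PE32 walk (COFF header, optional header, section table). The entry
    point is an RVA, so it is mapped to a file offset through its section."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]             # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections, timestamp = struct.unpack_from("<HI", data, pe_off + 6)
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    opt = pe_off + 24                                             # optional header
    magic, linker_major, linker_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (Win32) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]       # AddressOfEntryPoint
    sections = []
    for i in range(n_sections):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va,
                         "span": max(vsize, raw_size), "raw_ptr": raw_ptr, "raw_size": raw_size})
    entry_off = next((s["raw_ptr"] + entry_rva - s["va"] for s in sections
                      if s["va"] <= entry_rva < s["va"] + s["span"]), None)
    if entry_off is None:
        raise ValueError("entry point lies outside every section (packed or malformed)")
    end_of_sections = max(s["raw_ptr"] + s["raw_size"] for s in sections)
    compiled = datetime.datetime.fromtimestamp(timestamp, datetime.timezone.utc)
    return {
        "compiled_utc": compiled.strftime("%Y-%m-%d %H:%M:%S"),
        "linker": f"{linker_major}.{linker_minor}",
        "size_of_code": size_of_code,
        "entry_rva": entry_rva,
        "entry_bytes": data[entry_off:entry_off + 16],
        "overlay_size": max(0, len(data) - end_of_sections),   # payload carried after the sections
        "sections": [s["name"] for s in sections],
    }


def triage(data: bytes) -> dict:
    """The static fields a scanner report lists, in one dict."""
    info = parse_pe(data)
    info.update({
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "entropy": round(shannon_entropy(data), 4),
        "entry_hex": ", ".join(f"{b:02X}" for b in info["entry_bytes"]),
    })
    return info


def build_sample_pe() -> bytes:
    """Constructed stand-in (not setup.exe): one .text section with the report's entry
    RVA, code size, linker version and prologue bytes, then a uniform-byte overlay in
    place of the compressed bundle. Compile time is the report's, assumed UTC."""
    prologue = bytes.fromhex("558BEC81EC240A0000")               # push ebp; mov ebp,esp; sub esp,0xA24
    entry_rva, text_va, text_raw_ptr, text_raw_size = 0x14AE, 0x1000, 0x400, 0x1E00
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 1319426440, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 8, 0, text_raw_size, 0, 0, entry_rva)
    opt += struct.pack("<III", text_va, 0x3000, 0x400000)        # BaseOfCode, BaseOfData, ImageBase
    opt = opt.ljust(224, b"\0")
    section = struct.pack("<8sIIIIIIHHI", b".text", text_raw_size, text_va, text_raw_size,
                          text_raw_ptr, 0, 0, 0, 0, 0x60000020)
    header = (dos + coff + opt + section).ljust(text_raw_ptr, b"\0")
    text = bytearray(text_raw_size)
    text[entry_rva - text_va:entry_rva - text_va + len(prologue)] = prologue
    return header + bytes(text) + bytes(range(256)) * 4


if __name__ == "__main__":
    import sys
    sample = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(triage(sample))
```

Run it with a path to triage a real file, or without arguments for the stand-in. On the real sample, a 7.5 KB code section inside a 232 KB file with entropy 7.94 says that nearly everything outside the code is compressed or encrypted data, which is where a bundler of this kind carries the offers it installs; comparing the overlay size and the per-region entropy is a quicker first check than running it.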

The file setup.exe has been seen being distributed from premiumsoft.info.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to r1.stylezip.info  (54.186.255.26:80)
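To turn the indicators on this page (the download domain from the summary, the contact host and address above, and the file hashes) into a detection, here is an added Python example that is not Reason Core Security's code: it matches those values against proxy, DNS and endpoint log lines, matching host names on label boundaries so look-alike domains do not fire. The indicator values are the ones listed in this report; the log lines are constructed for the demonstration. The 54.186.255.26 address is only the resolution recorded at analysis time, so a domain match should carry more weight than an address match.

```python
"""Match this report's indicators against log lines. Added example, not Reason Core
Security's code; indicator values are from the report, log lines are constructed."""
import re

IOCS = {
    "domains": {"r1.stylezip.info", "premiumsoft.info"},   # contact host and download host
    "ips": {"54.186.255.26"},                               # r1.stylezip.info at analysis time
    "sha256": {"cf1a6f1b0ecf93a283638befa7f24b79732156bec02186d5f40054259fe87373"},
    "md5": {"5f4f4fdd3003f7759288a8a19d0f58f7"},
}

# Dotted host names (also inside URLs) or Windows DNS debug-log names such as
# "(2)r1(8)stylezip(4)info(0)".
HOST = re.compile(r"(?:\(\d+\)[\w-]+)+\(0\)|\b(?:[\w-]+\.)+[a-z]{2,}\b", re.I)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HEX = re.compile(r"\b[0-9a-fA-F]{64}\b|\b[0-9a-fA-F]{32}\b")


def _undecorate(name: str) -> str:
    """'(2)r1(8)stylezip(4)info(0)' -> 'r1.stylezip.info'."""
    return ".".join(label for _, label in re.findall(r"\((\d+)\)([\w-]*)", name) if label)


def host_in(host: str, domains: set) -> bool:
    """Exact or subdomain match on label boundaries: 'cdn.premiumsoft.info' hits,
    'notstylezip.info' and 'r1.stylezip.info.example.com' do not."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def match_line(line: str) -> list:
    """Sorted, de-duplicated (kind, value) hits found in one log line."""
    hits = set()
    for name in HOST.findall(line):
        host = _undecorate(name) if name.startswith("(") else name.lower()
        if host_in(host, IOCS["domains"]):
            hits.add(("domain", host))
    for ip in IPV4.findall(line):
        if ip in IOCS["ips"]:
            hits.add(("ip", ip))
    for h in HEX.findall(line):
        h = h.lower()
        for kind in ("sha256", "md5"):
            if h in IOCS[kind]:
                hits.add((kind, h))
    return sorted(hits)


def scan(lines) -> list:
    """[(line index, hits)] for every line carrying at least one indicator."""
    results = []
    for i, line in enumerate(lines):
        hits = match_line(line)
        if hits:
            results.append((i, hits))
    return results


# Constructed sample: Squid access log, Windows DNS debug log, Sysmon-style process
# creation with hashes, a benign request, and a look-alike host that must not match.
SAMPLE_LOGS = [
    "1319426500.123 212 10.0.0.15 TCP_MISS/200 1843 GET http://r1.stylezip.info/offers?x=1 - HIER_DIRECT/54.186.255.26 text/html",
    "10/24/2011 3:21:05 AM 0B2C PACKET 000000000263D3C0 UDP Rcv 10.0.0.15 0004 Q [0001 D NOERROR] A (2)r1(8)stylezip(4)info(0)",
    r"EventID=1 Image=C:\Users\alice\Downloads\setup.exe Hashes=MD5=5F4F4FDD3003F7759288A8A19D0F58F7,SHA256=CF1A6F1B0ECF93A283638BEFA7F24B79732156BEC02186D5F40054259FE87373",
    "1319426501.456 95 10.0.0.22 TCP_MISS/200 512 GET http://example.com/ - HIER_DIRECT/93.184.216.34 text/html",
    "1319426502.789 80 10.0.0.22 TCP_MISS/200 512 GET http://r1.stylezip.info.example.com/ - HIER_DIRECT/10.1.1.1 text/html",
]

if __name__ == "__main__":
    for i, hits in scan(SAMPLE_LOGS):
        print(f"line {i}: {hits}")
```

Feed it real proxy or DNS exports on standard input instead of SAMPLE_LOGS and the same three match paths apply; the boundary-aware host check is the part worth keeping, since a plain substring search on "stylezip.info" would also flag the look-alike line.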

Powered by Reason Core Security