home

Setup.exe

Setup Manager LLC

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file Setup.exe by Setup Manager has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. This downloadble file is typically blocked through Google's Safe Browsing technology in Chrome web browser.
Publisher:
Setup Manager LLC  (signed and verified)

MD5:
8f957935526620500ad8963460fc75df

SHA-1:
087af58ca6605887338be22931005928c7047cd1

SHA-256:
c190efbaf8719aab0fe6704750bc2c4791d6bc12c8914c20dbbd07e6ddc184cd

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
1/12/2025 9:34:51 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Downloader
7.1.1

AhnLab V3 Security
PUP/Win32.SoftPulse
2015.03.08

Avira AntiVirus
Adware/Softpulse.mew
7.11.212.246

avast!
Win32:Trojan-gen
2014.9-150308

AVG
Generic
2016.0.3176

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Trojan.Domaiq.141
9.0.1.05190

ESET NOD32
Win32/SoftPulse.X potentially unwanted application
9.7.0.302.0

F-Prot
W32/S-86e91d85
v6.4.7.1.166

F-Secure
Adware.BrowseFox.BB
11.2015-08-03_1

herdProtect (fuzzy)
variant of unconfirmed 894326.crdownload (Adware)
2015.6.15.2

IKARUS anti.virus
PUA.SoftPulse
t3scan.1.8.6.0

K7 AntiVirus
Trojan
13.200.15187

Kaspersky
not-a-virus:Downloader.Win32.DriverUpd
14.0.0.2375

Reason Heuristics
PUP.Bundler.Softpulse
15.3.11.17

Vba32 AntiVirus
Signed-Adware.Softpulse
3.12.26.3

VIPRE Antivirus
Threat.4150696
37788

Zillya! Antivirus
Downloader.DriverUpd.Win32.167
2.0.0.2090

File size:
466.6 KB (477,808 bytes)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
Setup Manager LLC

Authority:
COMODO CA Limited

Valid from:
2/15/2015 6:00:00 PM

Valid to:
2/16/2016 5:59:59 PM

Subject:
CN=Setup Manager LLC, O=Setup Manager LLC, STREET="501 Silverside Road, Suite 105", L=Wilmington, S=Delaware, PostalCode=19809, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0083BDD227DBB7AC8288AA961219124A1B

File PE Metadata
Compilation timestamp:
2/27/2015 7:39:16 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:iDxtVm6fJftzJ65Enf/FhPawnAM8FRSe1zpMPSM/wv2d:OtrBtzM56yJ2eNQ2

Entry address:
0x184390

Entry point:
60, E8, 00, 00, 00, 00, 58, 05, 5A, 0B, 00, 00, 8B, 30, 03, F0, 2B, C0, 8B, FE, 66, AD, C1, E0, 0C, 8B, C8, 50, AD, 2B, C8, 03, F1, 8B, C8, 57, 51, 49, 8A, 44, 39, 06, 88, 04, 31, 75, F6, 2B, C0, AC, 8B, C8, 80, E1, F0, 24, 0F, C1, E1, 0C, 8A, E8, AC, 0B, C8, 51, 02, CD, BD, 00, FD, FF, FF, D3, E5, 59, 58, 8B, DC, 8D, A4, 6C, 90, F1, FF, FF, 51, 2B, C9, 51, 51, 8B, CC, 51, 66, 8B, 17, C1, E2, 0C, 52, 57, 83, C1, 04, 51, 50, 83, C1, 04, 56, 51, E8, 5E, 00, 00, 00, 8B, E3, 5E, 5A, 2B, C0, 89, 04, 32, B4, 10...
 
[+]

Entropy:
7.9374

Packer / compiler:
ASPack v1.08.04

Code size:
965.5 KB (988,672 bytes)

Remove Setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.