setup.exe

Microsoft Security Essentials

IDC Ventures LLC

This is part of the Air Installer, a download manager that bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by IDC Ventures has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the AirInstaller Download Manager installer. It installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:
idcventures  (signed by IDC Ventures LLC)

Product:
Microsoft Security Essentials

Version:
3.0.0.87

MD5:
9d63208b0cd4ee2f82a94ee5b935aed7

SHA-1:
0c6c9d8fd742de8822231e706912d2cbcf867a94

SHA-256:
d8fc2667531262e7e7230563367a7c780e08bf0eef64cd77096c8d8abb580649

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Description:
This is an installer that may bundle legitimate applications with offers for additional third-party applications that the user may not want. While the installer contains an 'opt-out' feature, it is not set by default and is usually overlooked.

Analysis date:
11/7/2024 10:33:15 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.AirInstaller.5 | 361
AhnLab V3 Security | PUP/Win32.Bundler | 2015.05.07
avast! | Win32:Adware-CJX [PUP] | 2014.9-160209
AVG | Potentially harmful program DownloadAssistant.A | 2017.0.2839
Bitdefender | Gen:Variant.Application.Bundler.AirInstaller.5 | 1.0.20.200
Bkav FE | W32.HfsAdware | 1.3.0.6379
Comodo Security | Application.Win32.DownloadAssistant.S | 21792
Dr.Web | Trojan.Vittalia.30 | 9.0.1.040
Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.AirInstaller | 8.16.02.09.10
ESET NOD32 | Win32/DownloadAssistant.A potentially unwanted application | 10.7.0.302.0
F-Secure | Riskware.Gen:Variant.Application.Bundler | 11.2016-09-02_3
G Data | Gen:Variant.Application.Bundler.AirInstaller | 16.2.25
MicroWorld eScan | Gen:Variant.Application.Bundler.AirInstaller.5 | 17.0.0.120
NANO AntiVirus | Trojan.Win32.Vittalia.dqfrig | 0.30.16.1110
Panda Antivirus | Trj/Genetic.gen | 16.02.09.10
Reason Heuristics | PUP.Air Software.IDCVentures.Bundler (M) | 16.2.9.10
Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.16207
Vba32 AntiVirus | Downloader.DownloadHelper | 3.12.26.3

File size:
844.7 KB (864,944 bytes)

Product version:
3.0.0.87

Copyright:
(c) idcventures

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
AirInstaller Download Manager

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
12/25/2014 4:00:00 PM

Valid to:
12/25/2016 3:59:59 PM

Subject:
CN=IDC Ventures LLC, O=IDC Ventures LLC, L=Vermilion, S=Ohio, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
57A88D08BD785CCB956355DFF2389330

File PE Metadata
Compilation timestamp:
3/16/2015 5:27:11 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:oSKE/oYUxruBRHUVmdkm3j/ofSOcae0RfRl4XrVl:nj/oY2YRH08rzmSfaBUbVl

Entry address:
0x126A

Entry point:
55, 8B, EC, 83, EC, 10, 53, 56, 57, 6A, 00, FF, 15, 08, 90, 47, 00, 8B, F8, 33, D2, 8B, CF, 8B, 5F, 3C, 03, DF, 2B, 05, 1C, 10, 40, 00, 89, 45, F4, 1B, D2, F7, D8, 89, 55, F8, 0F, B7, 73, 14, 83, D2, 00, F7, DA, 89, 75, F0, 52, 8B, 93, A0, 00, 00, 00, 50, 8B, 44, 1E, 24, 03, 05, 28, 10, 40, 00, 50, FF, B3, A4, 00, 00, 00, E8, 88, FD, FF, FF, 8B, 54, 1E, 28, 83, C4, 10, A1, 28, 10, 40, 00, 2B, D0, 83, FA, 01, 76, 0D, 8B, 4C, 1E, 24, 03, C8, 03, CF, E8, F2, FE, FF, FF, A1, 20, 10, 40, 00, 83, C6, 40, 03, F3...
 
[+]

Entropy:
7.0514

Developed / compiled with:
Microsoft Visual C++

Code size:
478.5 KB (489,984 bytes)

The file setup.exe has been seen being distributed by the following URL.
