Setup.exe

Generic Soft

GameoApp

The file Setup.exe, “Generic Soft Setup” by GameoApp, has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. This downloadable file is typically blocked through Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from cdn2.gameoapp.com.
Publisher:
Generic (signed by GameoApp)

Product:
Generic Soft

Description:
Generic Soft Setup

MD5:
4bad0c3140079c601d01d3d4696941a2

SHA-1:
21aec406e9f671eee55e6dfdb5efedbfa368f261

SHA-256:
9d3c15e7e7c23b6f49836bb1380f8d5a4193b6df63768e70656c9aebec724659

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/24/2024 10:24:51 AM UTC

Scan engine        Detection                            Engine version
Avira AntiVirus    PUA/InstallCore.A.2387               8.3.1.6
Comodo Security    Application.Win32.InstallCore.DQY    23072
Dr.Web             Trojan.InstallCore.40                9.0.1.0281
Vba32 AntiVirus    Malware-Cryptor.InstallCore.gen      3.12.26.4

File size:
849.9 KB (870,280 bytes)

Product version:
5.7

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
12/3/2014 4:00:00 PM

Valid to:
12/9/2015 4:00:00 AM

Subject:
CN=GameoApp, O=GameoApp, L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0E63CA8B6D8FC3FFD060C6B512B00F02

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:RzHpuTjDIAJOMKoN2Aj121qpr+V4mkamDl:RT8nDIOA8i41+5sl

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.8687

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file Setup.exe has been seen being distributed by the following URL.
