setup.exe

Long Mile Solutions, LLC

The software will display additional offers (such as adware) during installation, including a browser toolbar/extension as well as advertising injection software (part of the Injekt brand). The application setup.exe by Long Mile Solutions has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars.
Publisher:
Long Mile Solutions, LLC  (signed and verified)

MD5:
9271c655ee291c4f3e9778273ca0a41b

SHA-1:
2bf6b7c042b3db84a8f42ca5bd01e42a8cf2ae8d

SHA-256:
9b0ebcab996bb7eb95c0fbd8abcab7acee51e79b08f31319dabeb8d93cb551b5

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
11/23/2024 10:20:03 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:BHO-AMO [PUP] | 2014.9-140919
Dr.Web | Adware.Plugin.128 | 9.0.1.05190
ESET NOD32 | Win32/ExFriendAlert.B potentially unwanted application | 7.0.302.0
G Data | Win32.Adware.OpenCandy | 14.9.24
IKARUS anti.virus | PUA.ExFriendAlert | t3scan.1.7.8.0
Malwarebytes | PUP.Optional.OpenCandy | v2014.09.19.04
NANO AntiVirus | Trojan.Win32.ExFriendAlert.deiobm | 0.28.2.62151
Reason Heuristics | PUP.Installer.LongMileSolutions.F | 14.9.19.12
Rising Antivirus | PE:PUF.OpenCandy!1.9DE5 | 23.00.65.14917
Sophos | OpenCandy | 4.98
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3
VIPRE Antivirus | Threat.4784449 | 32938

File size:
1.8 MB (1,874,640 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/26/2013 1:00:00 AM

Valid to:
4/27/2014 12:59:59 AM

Subject:
CN="Long Mile Solutions, LLC", O="Long Mile Solutions, LLC", STREET=640 GRAND AVE STE E, L=CARLSBAD, S=CA, PostalCode=92008, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
53B89B8046F82D87A2C562F3D007CB45

File PE Metadata
Compilation timestamp:
6/6/2009 10:41:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:RZNA1pMo3L6T+qsfnXK9KoSiOqyKdblECMD4OwpnlrEib:rOL6qqsvXybOqBdxECZdllrEi

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9723

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file setup.exe has been seen being distributed by the following URL.
