setup.exe

The application setup.exe has been detected as a potentially unwanted program by 35 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from dlp.cloudsvr310.com and multiple other hosts.
MD5:
bdfd4360c2768aacc5adf8f06e55293a

SHA-1:
2d419eaec26cfc16e69bcfa824d5325bcad136e2

SHA-256:
13222007e7601c446d1c6f45f3b8ceedefa79a67321f0a10ab1ac48d7030793d

Scanner detections:
35 / 68

Status:
Potentially unwanted

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Analysis date:
12/26/2024 6:17:21 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Bundler.DomaIQ.Q | 6217426 |
| Agnitum Outpost | PUA.DomaIQ | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.DomaIQ | 2014.12.16 |
| Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.195.250 |
| avast! | Win32:DomaIQ-BF [PUP] | 141214-1 |
| AVG | Adware Skodna.Bundle_r.S | 2015.0.3253 |
| Bitdefender | Application.Bundler.DomaIQ.Q | 1.0.20.1780 |
| Clam AntiVirus | Win.Trojan.Domaiq-11 | 0.98/19786 |
| Comodo Security | Application.Win32.DomaIQ.KKL | 20383 |
| Dr.Web | Trojan.DownLoad3.31551 | 9.0.1.0356 |
| Emsisoft Anti-Malware | Application.Bundler.DomaIQ.Q | 9.0.0.4668 |
| ESET NOD32 | Win32/DomaIQ.AZ (variant) | 8.10883 |
| Fortinet FortiGate | Adware/DomaIQ | 12/22/2014 |
| F-Prot | W32/DomaIQ.E.gen | v6.4.7.1.166 |
| F-Secure | Riskware.Application.Bundler.DomaIQ | 5.13.68 |
| G Data | Application.Bundler.DomaIQ | 14.12.24 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.8.5.0 |
| K7 AntiVirus | Trojan | 13.187.14339 |
| Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 14.0.0.2758 |
| Malwarebytes | PUP.Optional.DomaIQ | v2014.12.22.11 |
| McAfee | Program.CryptDomaIQ | 5600.6909 |
| Microsoft Security Essentials | Threat.Undefined | 1.189.2207.0 |
| MicroWorld eScan | Application.Bundler.DomaIQ.Q | 15.0.0.1068 |
| NANO AntiVirus | Trojan.Win32.DomaIQ.cssxal | 0.28.6.64267 |
| Norman | Application.Bundler.DomaIQ.Q | 04.12.2014 14:30:06 |
| nProtect | Trojan-Clicker/W32.Agent.330920 | 14.12.15.01 |
| Panda Antivirus | Trj/Genetic.gen | 14.12.22.11 |
| Quick Heal | Adware.DomaIQ.BT5 | 12.14.14.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.12.22.11 |
| Rising Antivirus | PE:Adware.Graftor!6.14B6 | 23.00.65.141220 |
| Sophos | PUA 'DomainIQ pay-per install' | 5.09 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10162 |
| Vba32 AntiVirus | BScope.Downware.DomaIQ | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 35418 |
| Zillya! Antivirus | Adware.DomaIQ.Win32.83 | 2.0.0.2007 |

File size:
323.2 KB (330,944 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
1/23/2014 10:53:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:prl8sf608N/cz9GD0mOh3Jhh9Ha24+7Y6:tl8sC08N89StOh4+9

Entry address:
0x1BBB

Entry point:
E8, 37, 27, 00, 00, E9, 7F, FE, FF, FF, A1, D8, 0D, 41, 00, 56, 6A, 14, 5E, 85, C0, 75, 07, B8, 00, 02, 00, 00, EB, 06, 3B, C6, 7D, 07, 8B, C6, A3, D8, 0D, 41, 00, 6A, 04, 50, E8, C7, 2F, 00, 00, 59, 59, A3, D4, 0D, 41, 00, 85, C0, 75, 1E, 6A, 04, 56, 89, 35, D8, 0D, 41, 00, E8, AE, 2F, 00, 00, 59, 59, A3, D4, 0D, 41, 00, 85, C0, 75, 05, 6A, 1A, 58, 5E, C3, 33, D2, B9, 08, F0, 40, 00, 89, 0C, 02, 83, C1, 20, 8D, 52, 04, 81, F9, 88, F2, 40, 00, 7D, 07, A1, D4, 0D, 41, 00, EB, E8, 33, C0, 5E, C3, E8, D8, 2C...

Entropy:
5.8533

Code size:
33 KB (33,792 bytes)

The file setup.exe has been seen being distributed by the following 2 URLs.