setup.exe

Inertware

This adware bundler is distributed through Adknowledge's advertising-supported software managers. The application setup.exe, “Prime Installer” by Inertware, has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer.
Publisher:
Prime Installer   (signed by Inertware)

Product:
Prime Installer

Description:
Prime Installer

Version:
3.5.9.2

MD5:
614673c1c1e6552c70046e5f0aa328c7

SHA-1:
31303338178427c9359ac483a3490d40e591aedd

SHA-256:
90c1c741f8c4e7a4434237c4a3dc0beffce63c0c976c49194ac5de61c9aba10f

Scanner detections:
19 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/27/2024 1:34:10 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Ibryte.BM | 728 |
| Avira AntiVirus | Adware/iBryte.bxpj | 7.11.207.178 |
| AVG | Adware AdPlugin | 2016.0.3206 |
| Bitdefender | Adware.Ibryte.BM | 1.0.20.190 |
| Clam AntiVirus | Win.Adware.Ibryte-7821 | 0.98/20033 |
| Dr.Web | Trojan.DownLoader12.15685 | 9.0.1.038 |
| Emsisoft Anti-Malware | Adware.Ibryte.BM | 8.15.02.07.11 |
| ESET NOD32 | Win32/Adware.iBryte.BY application | 9.7.0.302.0 |
| F-Prot | W32/S-dcc1cb3e | v6.4.7.1.166 |
| F-Secure | Adware.Ibryte.BM | 11.2015-07-02_7 |
| G Data | Adware.Ibryte.BM | 15.2.25 |
| Malwarebytes | PUP.Optional.SwiftBrowse | v2015.02.07.11 |
| MicroWorld eScan | Adware.Ibryte.BM | 16.0.0.114 |
| NANO AntiVirus | Trojan.Win32.DownLoader12.dnihtg | 0.30.0.65070 |
| Norman | IBryte.URL | 11.20150207 |
| nProtect | Adware.Ibryte.BM | 15.02.05.01 |
| Panda Antivirus | Generic Suspicious | 15.02.07.11 |
| Reason Heuristics | PUP.Installer.Adknowledge | 15.2.10.11 |
| VIPRE Antivirus | Threat.4798837 | 37240 |

File size:
394.4 KB (403,824 bytes)

Product version:
3.5.9.2

Copyright:
Copyright (C) Prime Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/14/2014 2:00:00 AM

Valid to:
7/15/2015 1:59:59 AM

Subject:
CN=Inertware, O=Inertware, STREET=4600 Madison Ave FL 10, L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B17D2DC81A4AB47B03A1531303433731

File PE Metadata
Compilation timestamp:
2/4/2015 2:00:35 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:WfJOJ0F0/G4NTZNocdZEKIbzxr5G4w1lo3py:wyBFNocdZEKI3Jhp5y

Entry address:
0x1A393

Entry point:
E8, BD, 98, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, 68, 00, A4, 41, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, EC, B5, 43, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, EC...
 

Code size:
183.5 KB (187,904 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to s3-1.amazonaws.com  (54.231.1.240:443)

TCP (HTTP):
Connects to ec2-23-23-215-34.compute-1.amazonaws.com  (23.23.215.34:80)

TCP (HTTP):
Connects to ec2-23-21-165-62.compute-1.amazonaws.com  (23.21.165.62:80)
