home

setup.exe

VBLoader

Overall Media, Inc.

This is published and distributed via an Adknowledge's advertising supported (adware) software installer. The application setup.exe by Overall Media has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Adknowledge Fusion installer. The file has been seen being downloaded from 735322.gosecureinstall.com.
Publisher:
Adknowledge  (signed by Overall Media, Inc.)

Product:
VBLoader

Version:
1.00

MD5:
711b73562db876f918d97525da9532d4

SHA-1:
325b263502078a2d3e840597af5311de2c0a4acb

SHA-256:
1c648ec0eff0b3a711533108c036891610b44c4b625bd82daa8f6b6c6bb90211

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/5/2024 11:23:53 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Adknowledge (M)
16.7.26.18

File size:
68.3 KB (69,944 bytes)

Product version:
1.00

Original file name:
optimum_installer_downloader.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
Overall Media, Inc.

Authority:
COMODO CA Limited

Valid from:
5/14/2014 7:00:00 PM

Valid to:
5/15/2015 6:59:59 PM

Subject:
CN="Overall Media, Inc.", O="Overall Media, Inc.", STREET=855 Village Center Drv, STREET="Suite #336", L=St. Paul, S=MN, PostalCode=55127, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
20CC4646E1A4400DB7FA2D15D1C8F1CB

File PE Metadata
Compilation timestamp:
5/21/2014 2:17:04 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:qXcUlispvxt60dadoHyvliShAgIsiWMGltr8l848/+8qU9w:qX7pO0dae6AapIUtgNz

Entry address:
0x16E4

Entry point:
68, 88, 1A, 40, 00, E8, EE, FF, FF, FF, 00, 00, 48, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, A9, 87, 47, A5, 81, 2D, DA, 40, 88, 68, 47, F7, 46, 5F, B6, 6E, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 04, 00, 00, 00, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, 70, 59, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 01, 00, 00, 00, C2, F0, F4, D0, 1C, D1, BF, 43, B0, FB, DC, 6E, 27, A3, 4E, 46, 01, 00, 00, 00, A0, 00, 00, 00...
 
[+]

Entropy:
4.7736

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
32 KB (32,768 bytes)

The file setup.exe has been seen being distributed by the following URL.

http://735322.gosecureinstall.com/o/.../Setup.exe

Remove setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.