setup.exe

Left Click Media

The application setup.exe by Left Click Media has been detected as a potentially unwanted program by 13 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from intva19.computedomain.info and multiple other hosts.
Publisher:
Left Click Media  (signed and verified)

Product:
Left Click Media

Version:
74.3.1.1111

MD5:
df9583b41c5580ae5af3c591724907a8

SHA-1:
32bd73b3ce88d00a04bb3b17bc66060102f5a7cf

SHA-256:
00ebc1e37b4bfe11ba700c74cbe9eeae4b47afb0f96868881eb6bd0e8c39e6e5

Scanner detections:
13 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 7:28:24 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Trojan.Heur.JP.3q3@a0@9MBei
355

Avira AntiVirus
TR/ATRAPS.Gen2
8.3.2.4

Bitdefender
Gen:Trojan.Heur.JP.3q3@a0@9MBei
1.0.20.230

Emsisoft Anti-Malware
Gen:Trojan.Heur.JP.3q3@a0@9MBei
8.16.02.15.06

ESET NOD32
Win32/DownloadAdmin.Q potentially unwanted (variant)
10.12870

F-Secure
Gen:Trojan.Heur.JP.3q3@a0@9MBei
11.2016-15-02_2

G Data
Gen:Trojan.Heur.JP.3q3@a0@9MBei
16.2.25

IKARUS anti.virus
PUA.DownloadAdmin
t3scan.1.9.5.0

MicroWorld eScan
Gen:Trojan.Heur.JP.3q3@a0@9MBei
17.0.0.138

Norman
Gen:Trojan.Heur.JP.3q3@a0Mc86hi
11.20160215

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1077

Reason Heuristics
PUP.Vitallia.LeftClickMedia.Installer (M)
16.2.15.6

VIPRE Antivirus
Threat.4150696
46738

File size:
890.4 KB (911,720 bytes)

Product version:
74.3.1.1111

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/9/2015 6:45:40 AM

Valid to:
12/9/2016 6:45:40 AM

Subject:
CN=Left Click Media, O=Left Click Media, L="Oakland ", S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
04DFA3D52CDF7375

File PE Metadata
Compilation timestamp:
1/7/2015 7:36:30 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:X6AiqGv+NdALCVfFPryZ34CiTfhIyEJUXbkUcfZ2vud61ZEUt5ResaZnUqQHXPO5:/8v+Nd5/c1shHPbkUcfZ2vud61ZEUt5U

Entry address:
0x1000

Entry point:
E8, AB, D3, 00, 00, E9, CD, CB, 00, 00, CC, CC, CC, CC, CC, CC, 81, EC, BC, 00, 00, 00, 8B, 94, 24, CC, 00, 00, 00, 53, 8B, 9C, 24, D8, 00, 00, 00, 55, 8B, AC, 24, CC, 00, 00, 00, 56, 8B, B4, 24, DC, 00, 00, 00, 57, 8B, BC, 24, D8, 00, 00, 00, 8B, 07, 03, C5, 89, 44, 24, 1C, 8B, 03, 8D, 0C, 30, 89, 4C, 24, 34, 8B, 8C, 24, E8, 00, 00, 00, 83, E1, 04, C7, 44, 24, 18, FF, FF, FF, FF, 89, 6C, 24, 10, 89, 74, 24, 20, 89, 4C, 24, 38, 74, 05, 83, C8, FF, EB, 06, 2B, C2, 8D, 44, 30, FF, 8D, 48, 01, 89, 44, 24, 3C...
 
[+]

Code size:
56.5 KB (57,856 bytes)

The file setup.exe has been seen being distributed by the following 50 URLs.

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49813059.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49471613.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49771773.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49480021.exe&checksum=99996

Latest 30 of 163 download URLs

Remove setup.exe - Powered by Reason Core Security