Setup.exe

The file Setup.exe has been detected as a potentially unwanted program by 30 anti-malware scanners. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. This downloadable file is typically blocked through Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from www.exceptionaldownload.com.
Version:
1.1.1.72

MD5:
0123bb737a1e5788384fb3e724c32bf7

SHA-1:
33099fd374ee271e1a462cc86bd3b017b54c3b7d

SHA-256:
eaa86ce889a3f8f393868b398c7127d7871b17bd4681bd025c0e1983481ce8dc

Scanner detections:
30 / 68

Status:
Potentially unwanted

Analysis date:
2/25/2025 8:37:04 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.Generic.938278 | 641
AegisLab AV Signature | AdWare.W32.BrainInst | 2.1.4+
AhnLab V3 Security | PUP/Win32.Amonetiz | 2014.10.06
Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.176.180
avast! | Win32:Amonetize-O [PUP] | 2014.9-150505
AVG | Generic_r | 2016.0.3119
Baidu Antivirus | Adware.Win32.Amonetize | 4.0.3.1555
Bitdefender | Adware.Generic.938278 | 1.0.20.625
Emsisoft Anti-Malware | Adware.Generic.938278 | 8.15.05.05.12
ESET NOD32 | Win32/Amonetize.AJ (variant) | 9.10514
Fortinet FortiGate | Adware/Amonetize | 5/5/2015
F-Prot | W32/Amonetize.A.gen | v6.4.7.1.166
F-Secure | Adware.Generic.938278 | 11.2015-05-05_3
G Data | Adware.Generic.938278 | 15.5.24
K7 AntiVirus | Trojan | 13.183.13584
Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 14.0.0.2090
Malwarebytes | PUP.Optional.Amonetize.A | v2015.05.05.12
McAfee | PUP-FBM | 5600.6775
MicroWorld eScan | Adware.Generic.938278 | 16.0.0.375
NANO AntiVirus | Riskware.Win32.Amonetize.cvryku | 0.28.2.62440
nProtect | Trojan-Clicker/W32.Amonetize.329728.C | 14.10.05.01
Panda Antivirus | Trj/Genetic.gen | 15.05.05.12
Quick Heal | AdWare.Amonetize.r5 (Not a Virus) | 5.15.14.00
Rising Antivirus | PE:Trojan.Win32.Generic.16A5F8D9!379975897 | 23.00.65.15503
Sophos | Generic PUA DD | 4.98
Trend Micro House Call | TROJ_GEN.R0CBC0PEU14 | 7.2.125
Trend Micro | TROJ_GEN.R0CBC0PEU14 | 10.465.05
Vba32 AntiVirus | AdWare.Amonetize | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 33686
Zillya! Antivirus | Adware.Amonetize.Win32.715 | 2.0.0.1944

File size:
322 KB (329,728 bytes)

Product version:
1.1.1.72

Original file name:
i.exe

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
3/18/2014 6:30:27 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:NBbbVy+KJIrtvP0F0VFEBXziQgPWdejVmfYUa4MAPvaC0GRiDg8Tx43:NBbbY+mQtvc0VFcXz9zfMDAPvaCkg8k

Entry address:
0x26EF4

Entry point:
E8, BE, 95, 00, 00, E9, 89, FE, FF, FF, CC, CC, 53, 56, 8B, 44, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 14, 8B, 44, 24, 10, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 0C, F7, F1, 8B, D3, EB, 41, 8B, C8, 8B, 5C, 24, 14, 8B, 54, 24, 10, 8B, 44, 24, 0C, D1, E9, D1, DB, D1, EA, D1, D8, 0B, C9, 75, F4, F7, F3, 8B, F0, F7, 64, 24, 18, 8B, C8, 8B, 44, 24, 14, F7, E6, 03, D1, 72, 0E, 3B, 54, 24, 10, 77, 08, 72, 07, 3B, 44, 24, 0C, 76, 01, 4E, 33, D2, 8B, C6, 5E, 5B, C2, 10, 00, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00...
Entropy:
6.4222

Code size:
228.5 KB (233,984 bytes)

The file Setup.exe has been seen being distributed by the following URL.
