home

setup.exe

Smart Secure Software S.l.

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by Smart Secure Software S.l has been detected as adware by 30 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from ttb.lpmxp1091.com.
Publisher:
Smart Secure Software S.l.  (signed and verified)

MD5:
30924b5882a486e23e3ee873d3d9ef8e

SHA-1:
36e6e74b4ce8da1a3da9320e9e90670bb493aa25

SHA-256:
c338639b6a978a6362988297ecb40cd98f672a3be0b778bc3a32303a6c308983

Scanner detections:
30 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/25/2024 6:28:12 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Zusy.107390
837

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.DomaIQ
2014.10.21

Avira AntiVirus
APPL/Softpulse.Gen8
7.11.180.40

avast!
Win32:SoftPulse-AH [PUP]
141003-0

AVG
Generic
2015.0.3315

Bitdefender
Gen:Variant.Adware.Zusy.107390
1.0.20.1470

Clam AntiVirus
Win.Trojan.Agent-791796
0.98/21411

Comodo Security
Application.Win32.SoftPulse.W
19861

Dr.Web
Trojan.DownLoader11.35292
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Adware.Zusy.107390
8.14.10.21.07

ESET NOD32
Win32/SoftPulse.L potentially unwanted application
7.0.302.0

F-Prot
W32/A-87364241
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Zusy.107390
11.2014-21-10_3

G Data
Gen:Variant.Adware.Zusy.107390
14.10.24

IKARUS anti.virus
PUA.SoftPulse
t3scan.1.7.8.0

K7 AntiVirus
Unwanted-Program
13.184.13741

Kaspersky
not-a-virus:Downloader.Win32.Agent
15.0.0.494

Malwarebytes
PUP.Optional.DomaIQ
v2014.10.21.07

McAfee
SoftPulse
5600.6971

MicroWorld eScan
Gen:Variant.Adware.Zusy.107390
15.0.0.882

NANO AntiVirus
Trojan.Win32.SoftPulse.dewgcl
0.28.2.62841

nProtect
Trojan-Clicker/W32.Agent.1344736
14.10.19.01

Quick Heal
Trojan.Buzus.A4
10.14.14.00

Reason Heuristics
PUP.Installer.SmartSecureSoftwareSl.F
14.10.21.7

Sophos
Smart Secure Software
4.98

Total Defense
Win32/Tnega.bROdPVC
37.0.11240

Vba32 AntiVirus
AdWare.Agent
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
34114

Zillya! Antivirus
Adware.Agent.Win32.12586
2.0.0.1960

File size:
1.3 MB (1,344,736 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
Smart Secure Software S.l.

Authority:
VeriSign, Inc.

Valid from:
6/17/2014 1:00:00 AM

Valid to:
6/18/2015 12:59:59 AM

Subject:
CN=Smart Secure Software S.l., O=Smart Secure Software S.l., L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
47353B4EEC0D902A135E20BEE1A66817

File PE Metadata
Compilation timestamp:
9/11/2014 4:00:03 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:NpyhP5RFFrSEyFPu8JR9ksaQFCLwbLflBPk:qyFPu8D9k5QELuLs

Entry address:
0x997F

Entry point:
E8, A9, 29, 00, 00, E9, 7F, FE, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 88, 11, 46, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 6A, 03, E8, 27, 29, 00, 00, 59, 83, F8, 01, 74, 15, 6A, 03, E8, 1A, 29, 00, 00, 59, 85, C0, 75, 1F, 83, 3D, E8, 22, 46, 00, 01, 75, 16, 68, FC, 00, 00, 00, E8, 31, 00, 00, 00, 68, FF, 00, 00, 00, E8, 27, 00, 00, 00, 59, 59, C3, 55, 8B, EC, 8B, 4D, 08, 33...
 
[+]

Entropy:
7.6716

Code size:
76.5 KB (78,336 bytes)

The file setup.exe has been seen being distributed by the following URL.

http://ttb.lpmxp1091.com/download/request/.../SuxgELn6?__tc=1410866072.093&lpsl=861c761cf9001094374173c59cb30390&expire=1410951770&source=1&tgu_src_lp_domain=www.requiredinstall.com&fileName=Setup

Remove setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.