home

setup.exe

Finance Alert

Valid Applications

The software will display additional offers (such as adware) during installation including a browser toolbar/extension as well as advertising injection software (part of the Injekt brand). The application setup.exe by Valid Applications has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from champs5x.tinyboxarcade.com.
Publisher:
Valid Applications  (signed and verified)

Product:
Finance Alert

Version:
3.0.91.1

MD5:
f517d287c085b675b6e9ef4c77b49ed8

SHA-1:
396311bf4bbc4f0e98100a844df4c6fcc53c279e

SHA-256:
c738c1ec5d2aa2690144840bbf603938944ffd30244d150087c5d951ce9f44a0

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
12/26/2024 4:13:51 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Injekt.ValidApplications.Installer (M)
16.2.5.7

File size:
5 MB (5,292,984 bytes)

Product version:
3.0.91.1

Copyright:
Copyright (C) 2015 Valid Applications

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\setup.exe

Digital Signature
Signed by:
Valid Applications

Authority:
Symantec Corporation

Valid from:
9/21/2015 8:00:00 PM

Valid to:
11/20/2016 6:59:59 PM

Subject:
CN=Valid Applications, O=Valid Applications, L=St. James, S=St. James, C=BB

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
5AF15E58D032F4F8F6AA6B3990AF0257

File PE Metadata
Compilation timestamp:
2/4/2016 7:52:47 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
98304:XWVYS+d5KkmNDkzVMCES098iVEMqQdHlD2JDVCtonqLd+dxpW1c+o9bR:XWVYpvYNtzS096QBl2DQC22yfo91

Entry address:
0x6FD7

Entry point:
E8, CF, 7D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 00, 36, 42, 00, E8, D3, 55, 00, 00, E8, 54, 2A, 00, 00, 0F, B7, F0, 6A, 02, E8, 62, 7D, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 76, 53, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
7.8057  (probably packed)

Code size:
107 KB (109,568 bytes)

The file setup.exe has been seen being distributed by the following URL.

http://champs5x.tinyboxarcade.com/fa/.../Setup.exe

Remove setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.