setup.exe

Fileadventure

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application setup.exe, “Premium Installer ” by Fileadventure has been detected as adware by 40 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. The file has been seen being downloaded from dl88.llstny.com.
Publisher:
Premium Installer   (signed by Fileadventure)

Product:
Premium Installer

Description:
Premium Installer

Version:
2.4.8.1

MD5:
b3d2f30ca0d459006ef0a899385aa1fc

SHA-1:
41f0857a9640ed0b03cda378002203f92f532220

SHA-256:
0940d8af707479be49abc625070b46990b061eddad69a81f5d101ec525bfc548

Scanner detections:
40 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/5/2024 10:35:38 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.161766
373

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
2014.08.14

Avira AntiVirus
Adware/iBryte.bxov
7.11.182.116

avast!
Win32:Adware-gen [Adw]
2014.9-160128

AVG
Adware AdPlugin
2017.0.2851

Baidu Antivirus
Trojan.Win32.Clikug
4.0.3.16128

Bitdefender
Gen:Variant.Adware.Graftor.161766
1.0.20.140

Clam AntiVirus
Win.Adware.Ibryte-592
0.98/19086

Comodo Security
Application.Win32.AgentCV.HWYE
19325

Dr.Web
Trojan.DownLoader11.40251
9.0.1.028

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.161766
8.16.01.28.03

ESET NOD32
Win32/Adware.iBryte.BR (variant)
10.10726

Fortinet FortiGate
W32/Malware_fam.NB
1/28/2016

F-Prot
W32/A-2b3be3da
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Graftor.161766
11.2016-28-01_5

G Data
Win32.Adware.IBryte
16.1.24

IKARUS anti.virus
Trojan-Clicker.BFNI
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.185.13853

Kaspersky
Trojan.Win32.Buzus
14.0.0.749

Malwarebytes
PUP.Optional.OptimunInstaller
v2016.01.28.03

McAfee
IBryte-FSO
5600.6507

Microsoft Security Essentials
TrojanClicker:Win32/Clikug.A
1.10401

MicroWorld eScan
Gen:Variant.Kazy.439479
17.0.0.84

NANO AntiVirus
Trojan.Win32.Badur.dhhunu
0.28.6.62995

Norman
IBryte.STR
11.20160128

nProtect
Trojan.GenericKD.1618449
14.04.10.01

Panda Antivirus
Trj/Genetic.gen
16.01.28.03

Qihoo 360 Security
Win32/Trojan.Dropper.c9f
1.0.0.1015

Quick Heal
TrojanDownloader.Badur.A5
1.16.14.00

Reason Heuristics
PUP.Adknowledge.Fileadventure.Bundler (M)
16.1.28.3

Rising Antivirus
PE:Malware.iBryte!6.192B
23.00.65.16126

Sophos
Mal/Inject-CEE
4.98

SUPERAntiSpyware
PUP.OptimumInstaller/Variant
9359

Total Defense
Win32/Tnega.WHYEFHC
37.0.11219

Trend Micro House Call
TROJ_CLIKUG.A
7.2.28

Trend Micro
TROJ_CLIKUG.A
10.465.28

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

VIPRE Antivirus
Threat.4778314
34232

Zillya! Antivirus
Adware.iBryte.Win32.854
2.0.0.1790

File size:
389.9 KB (399,224 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) Premium Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/14/2014 2:00:00 AM

Valid to:
7/15/2015 1:59:59 AM

Subject:
CN=Fileadventure, O=Fileadventure, STREET=4600 Madison Ave FL 10, L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2EF279A57EB2CCFE0FCD97FC0F239ADE

File PE Metadata
Compilation timestamp:
11/17/2014 5:00:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:GuOIdKDz7zi/+6d145/usOYuH6WoufDiiUMMR7BzUxW0pA+U+Nx:Gu5dKDz7zD6345/uxHTouRUMM8W0LJx

Entry address:
0x1612A

Entry point:
E8, F9, 98, 00, 00, E9, 78, FE, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 7C, 56, 43, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 7C, 56, 43, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F...
 
[+]

Code size:
169.5 KB (173,568 bytes)

The file setup.exe has been seen being distributed by the following URL.

Remove setup.exe - Powered by Reason Core Security