» Setup.exe
Overview
Analysis
File Details

Setup.exe

Installer Web

Download Missile

The file Setup.exe, “Installer Web Setup ” by Download Missile has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. This downloadble file is typically blocked through Google's Safe Browsing technology in Chrome web browser.

File name:

Setup.exe

Publisher:

Program Internet (signed by Download Missile)

Product:

Installer Web

Description:

Installer Web Setup

MD5:

8b9250c731076aadd7fd5a258bb47308

SHA-1:

46a96d3fdc58cbb4f97f301aaa9edb0826e4ce94

SHA-256:

bde4557508c1a612008927a9c8ba556de12f58f13b9a3b71b0210f8559483558

Scanner detections:

6 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

4/12/2025 8:51:41 PM UTC (today)

Scan engine

Detection

Engine version

AVG

Generic

2016.0.2900

ESET NOD32

Win32/InstallCore.ACZ potentially unwanted (variant)

9.12351

Fortinet FortiGate

Riskware/InstallCore

12/10/2015

Malwarebytes

PUP.Optional.InstallCore

v2015.12.10.12

Reason Heuristics

PUP.installCore.DownloadMissile.Installer (M)

15.12.10.0

VIPRE Antivirus

InstallCore

44254

File size:

510.2 KB (522,472 bytes)

Product version:

5.7

Program

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\setup.exe

Digital Signature

Signed by:

Download Missile

Authority:

COMODO CA Limited

Valid from:

3/13/2015 12:00:00 AM

Valid to:

3/12/2017 11:59:59 PM

Subject:

CN=Download Missile, O=Download Missile, STREET="1930 Village Center Circle #3-1234", L=Las Vegas, S=NV, PostalCode=89134, C=US

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

008F7F8142D7F60E709EB705A1E0BF8648

File PE Metadata

Compilation timestamp:

6/19/1992 11:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:BMjGQgEwgnFs8U+6hFb//qqapYu++MBTlPadSfXioRcpMXVJo1:BMjtgu6ISFxQYu5MBTlP0QjcpMXVJo1

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Entropy:

7.9249

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

Remove Setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.