setup.exe

Download Manager

The application setup.exe by Download Manager is a setup program built on the AirInstaller Download Manager installer. It uses the Air Installer distribution platform (a pay-per-install monetization download manager) to bundle unwanted software such as adware and browser toolbars during setup, so potentially unwanted software is installed on your PC at the same time as the software you are trying to install, without adequate consent. The file has been detected as adware by 29 anti-malware scanners and has been seen being downloaded from install.oinstaller5.com and multiple other hosts.
Publisher:
Download Manager  (signed and verified)

Product:
Download Manager

Version:
2.5.0.24

MD5:
47fc1a4198f1483c4b0c675c0220fb0a

SHA-1:
47d2e1ff1448d5d886581a32ad017f6a45e887cb

SHA-256:
49ba5bb6cfabc620faa937c84006b26a54b64fb0875b6e8c3e9c1eee8d1995e7

Scanner detections:
29 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/25/2024 4:23:43 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.AirInstaller.4 | 698 |
| Agnitum Outpost | PUA.AirAd | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Installer | 2014.12.26 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.167.196 |
| avast! | Win32:Adware-CJY [PUP] | 2014.9-150309 |
| AVG | Generic | 2016.0.3176 |
| Bitdefender | Gen:Variant.Symmi.49926 | 1.0.20.340 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.Airadinstaller-457 | 0.98/20165 |
| Comodo Security | Packed.Win32.MUPX.Gen | 21347 |
| Dr.Web | Adware.Downware.9532 | 9.0.1.068 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.AirInstaller | 8.15.03.09.08 |
| ESET NOD32 | Win32/AirAdInstaller.E potentially unwanted application | 9.7.0.302.0 |
| F-Secure | Riskware.Gen:Variant.Application.Bundler | 11.2015-09-03_2 |
| G Data | Gen:Variant.Symmi.49926 | 15.3.24 |
| IKARUS anti.virus | AdWare.AirAdInstaller | t3scan.1.8.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.1814525 |
| Kaspersky | not-a-virus:AdWare.Win32.AirAdInstaller | 15.0.0.543 |
| Malwarebytes | PUP.Optional.AirAdInstaller | v2015.03.09.08 |
| McAfee | Trojan.Artemis!757FB24A0964 | 5600.6832 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.AirInstaller.4 | 16.0.0.204 |
| NANO AntiVirus | Riskware.Win32.AirAdInstaller.dlqckn | 0.30.0.64448 |
| Panda Antivirus | Generic Suspicious | 15.03.09.08 |
| Reason Heuristics | DownloadManager.Bundler.Air Software | 15.3.9.8 |
| Rising Antivirus | PE:PUF.Airinstall!1.9C4C | 23.00.65.15307 |
| Vba32 AntiVirus | AdWare.AirAdInstaller | 3.12.26.3 |
| VIPRE Antivirus | Threat.4782985 | 38882 |
| Zillya! Antivirus | Adware.AirAdInstaller.Win32.771 | 2.0.0.2139 |

File size:
1 MB (1,064,256 bytes)

Product version:
2.5.0.24

Copyright:
(c) Download Manager

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
AirInstaller Download Manager

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/9/2014 6:00:00 PM

Valid to:
7/11/2017 5:59:59 PM

Subject:
CN=Download Manager, O=Download Manager, L=Victoria, S=British Columbia, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6771A39C2739AF7082C1C8D8234BB168

File PE Metadata
Compilation timestamp:
12/22/2014 12:17:12 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:cM1iy9cN7tjk3XUnyAmkx3B6jHcDxVX2CI7ZSeoyq:91iy9SpjX8i6GD2CcSeQ

Entry address:
0x345A40

Entry point:
60, BE, 00, B0, 64, 00, 8D, BE, 00, 60, DB, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
Entropy:
7.8907

Packer / compiler:
UPX 2.90LZMA

The file setup.exe has been seen being distributed by the following 4 URLs.
