» setup.exe
Overview
Analysis
File Details
Downloads (4)

setup.exe

Download Manager

It uses the Air Installer distribution platform (a pay-per-install monetization download manager) to bundle unwanted software such as adware and browser toolbars during setup. The application setup.exe by Download Manager has been detected as adware by 29 anti-malware scanners. The program is a setup application that uses the AirInstaller Download Manager installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from install.oinstaller5.com and multiple other hosts.

File name:

setup.exe

Publisher:

Download Manager (signed and verified)

Product:

Download Manager

Version:

2.5.0.24

MD5:

47fc1a4198f1483c4b0c675c0220fb0a

SHA-1:

47d2e1ff1448d5d886581a32ad017f6a45e887cb

SHA-256:

49ba5bb6cfabc620faa937c84006b26a54b64fb0875b6e8c3e9c1eee8d1995e7

Scanner detections:

29 / 68

Status:

Adware

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

11/25/2024 4:23:43 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Bundler.AirInstaller.4

698

Agnitum Outpost

PUA.AirAd

7.1.1

AhnLab V3 Security

PUP/Win32.Installer

2014.12.26

Avira AntiVirus

ADWARE/Adware.Gen

7.11.167.196

avast!

Win32:Adware-CJY [PUP]

2014.9-150309

AVG

Generic

2016.0.3176

Bitdefender

Gen:Variant.Symmi.49926

1.0.20.340

Bkav FE

W32.HfsAdware

1.3.0.6379

Clam AntiVirus

Win.Adware.Airadinstaller-457

0.98/20165

Comodo Security

Packed.Win32.MUPX.Gen

21347

Dr.Web

Adware.Downware.9532

9.0.1.068

Emsisoft Anti-Malware

Gen:Variant.Application.Bundler.AirInstaller

8.15.03.09.08

ESET NOD32

Win32/AirAdInstaller.E potentially unwanted application

9.7.0.302.0

F-Secure

Riskware.Gen:Variant.Application.Bundler

11.2015-09-03_2

G Data

Gen:Variant.Symmi.49926

15.3.24

herdProtect (fuzzy)

variant of unconfirmed 258588.crdownload (Adware)

2015.6.15.9

IKARUS anti.virus

AdWare.AirAdInstaller

t3scan.1.8.5.0

K7 AntiVirus

Unwanted-Program

13.1814525

Kaspersky

not-a-virus:AdWare.Win32.AirAdInstaller

15.0.0.543

Malwarebytes

PUP.Optional.AirAdInstaller

v2015.03.09.08

McAfee

Trojan.Artemis!757FB24A0964

5600.6832

MicroWorld eScan

Gen:Variant.Application.Bundler.AirInstaller.4

16.0.0.204

NANO AntiVirus

Riskware.Win32.AirAdInstaller.dlqckn

0.30.0.64448

Panda Antivirus

Generic Suspicious

15.03.09.08

Reason Heuristics

DownloadManager.Bundler.Air Software

15.3.9.8

Rising Antivirus

PE:PUF.Airinstall!1.9C4C

23.00.65.15307

Vba32 AntiVirus

AdWare.AirAdInstaller

3.12.26.3

VIPRE Antivirus

Threat.4782985

38882

Zillya! Antivirus

Adware.AirAdInstaller.Win32.771

2.0.0.2139

File size:

1 MB (1,064,256 bytes)

Product version:

2.5.0.24

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

AirInstaller Download Manager

Language:

English (United States)

Common path:

C:\users\{user}\downloads\setup.exe

Digital Signature

Signed by:

Download Manager

Authority:

VeriSign, Inc.

Valid from:

6/9/2014 6:00:00 PM

Valid to:

7/11/2017 5:59:59 PM

Subject:

CN=Download Manager, O=Download Manager, L=Victoria, S=British Columbia, C=CA

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

6771A39C2739AF7082C1C8D8234BB168

File PE Metadata

Compilation timestamp:

12/22/2014 12:17:12 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:cM1iy9cN7tjk3XUnyAmkx3B6jHcDxVX2CI7ZSeoyq:91iy9SpjX8i6GD2CcSeQ

Entry address:

0x345A40

Entry point:

60, BE, 00, B0, 64, 00, 8D, BE, 00, 60, DB, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Entropy:

7.8907

Packer / compiler:

UPX 2.90LZMA

The file setup.exe has been seen being distributed by the following 4 URLs.

https://install.oinstaller5.com/o/.../Setup.exe

http://secure.3-pn-installer.com/o/.../Setup.exe

http://ecdjancds.tyo8hbshm6.com/98DeX2ELYyGnXCH1MoUHrcvgdU15Cw3TIrydpD01EpCGXoa1DIBV7IXu312XF8xomNSg-NICjOxo_r7GtxROXQx-Rl9ufetL8kM3RbRShD1N1zLInqhgSBstodf5hlKj?sbb=t7ecaRumwcZBGAqEzq4IDDiwnBGZXadFZ2UYLlhL5k6b9KdUZKi7vEhae8J1V24nFz9oURCLDgNy0cJrvCmR49l6dgYUCF4yRTTj8vvcJJJia7NGDwAxxVYmdgqK7nnTZn2XwbMZXjJJB85JecjPDFyjFDm6Cz87m4eAp3f8K5S6jmNwwFZz743lil1cGgSQjqbmXuuQfdHvTQZ0RSb4c7NDIfkUgiW5VOSLvKHqZMqN7iDZ4PDLeogfO9EzdVH57hTmuzBLdgCoReXXHaps81vzmXoq52q4aOUcx5hMyUqzUgzAqwSg7WhpeaWnByInccB39zHDVMzxOl3ZQgFFMIH71cNzOCwnJDf1Th7zpOOGney03DeGRclA1SVqgJmTTBfwKdoRBaUaQbu0cH31sP4gYPm2UquvMTBKyyFmyY54yA01ZieSJdAvr51E8EaQ5NBiB7ZGQO4gKS7QGAQmHkokBVU2YRvhveWtAtWLt0aG6bYBieQBEaqem58hj07YQ5N9oUV8L8IJUuOMmMhVCKYWpJYXULfAtQR0y6WqFNAXKBctveSR9ndlylfWGQf7zPuNpuTW9leuqbFkuyo2Voim8XqpEDQfj6lT2kQMaiYOuqiNIEymSe6DKmChj2ERd1GiYCGy61lR3Adat1fZpf5tJeIxuJ4Z7i5GDy2hcv73PHYQ9R0XEoHwNGZbEAce2zD18jlIFf7wpIwuqjZo1jdo6dKLJt4blRRvLDS2GNkHrdwqN3FiwepFxcPxU7bL0X4HJvFjfqRNbnlr83WZqt2WHHPwGVrXXihIpYI4hOpM42gM1dAqoXrD0khXw06ppYM

http://ttb.6wmqb04uj4.com/download/request/.../ZvGlH2cO?__tc=1411989984.037&lpsl=4c9c6f4b12debd060e538f5d4522b66c&expire=1412076399&PubID=258305&tgu_src_lp_domain=www.prosoftlst.com&ClickID=34280119931411989999&fileName=Setup

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.