setup.exe

Wizard

Yumon System SL

This is the Softpulse installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by Yumon System SL has been detected as adware by 32 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been observed being downloaded from flv.orangesofts.com.
Publisher:
Yumon System SL  (signed and verified)

Product:
Wizard

Version:
1. 9. 8. 7

MD5:
007b3bbcf5e62e2080b15d59b0994784

SHA-1:
4f443f2f70062305e007f6c002c4a941694c83b3

SHA-256:
26f1bcb7f80bd2af31daf07b9c77ae3579736490c4ba95530fc18edf31b42a23

Scanner detections:
32 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/7/2024 7:38:05 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Zusy.117871 | 6212523 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | Win-PUP/SoftPulse | 2014.11.29 |
| Avira AntiVirus | APPL/Softpulse.1014112 | 7.11.189.122 |
| avast! | Win32:SoftPulse-BE [PUP] | 141214-1 |
| AVG | Found Win32/DH{gRIxfX5QgQd5VE8VUYEVgQkcU4ETQYEP} | 2014.0.4189 |
| Bitdefender | Gen:Variant.Graftor.165890 | 1.0.20.1775 |
| Clam AntiVirus | Win.Adware.Softpulse-27 | 0.98/19780 |
| Comodo Security | Application.Win32.SoftPulse.D | 20283 |
| Dr.Web | Adware.SoftPules.3 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Zusy.117871 | 9.0.0.4668 |
| ESET NOD32 | Win32/SoftPulse.P potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | W32/Kryptik.BWOY!tr | 12/21/2014 |
| F-Prot | W32/A-3f31f6a7 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Zusy.117871 | 5.13.68 |
| G Data | Win32.Application.SoftPulse | 14.12.24 |
| IKARUS anti.virus | not-a-virus:AdWare.SoftPulse | t3scan.1.8.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.186.14239 |
| Kaspersky | Trojan.Win32.Buzus | 15.0.0.543 |
| Malwarebytes | PUP.Optional.SmartSec | v2014.12.21.04 |
| McAfee | Program.SoftPulse | 16.8.708.2 |
| MicroWorld eScan | Gen:Variant.Graftor.165890 | 15.0.0.1065 |
| NANO AntiVirus | Trojan.Win32.DriverUpd.djmoky | 0.28.6.63726 |
| Norman | Gen:Variant.Adware.Zusy.117871 | 04.12.2014 14:30:06 |
| Panda Antivirus | Trj/Genetic.gen | 14.12.21.04 |
| Qihoo 360 Security | Malware.QVM18.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.YumonSystemSL.F | 14.12.21.16 |
| Sophos | SoftPulse | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10164 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Threat.5064683 | 35418 |
| Zillya! Antivirus | Adware.Agent.Win32.25201 | 2.0.0.2006 |

File size:
1.3 MB (1,347,984 bytes)

Product version:
1. 9. 8. 7

Copyright:
Copyright (C) 2014

Original file name:
Wizard.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Language:
Spanish (Spain, International Sort)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/10/2014 1:00:00 AM

Valid to:
10/11/2015 12:59:59 AM

Subject:
CN=Yumon System SL, O=Yumon System SL, L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3AA6674633422C69E81B62EE2A7C074B

File PE Metadata
Compilation timestamp:
12/5/2014 1:45:56 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:MK6fxaOhc2dC3Rfzy41rWibAiCEydknBds0a0m1lK8K:B6JpC3RLy41aibAiCE1Ps0a1LK1

Entry address:
0x17C13B

Entry point:
60, E8, 00, 00, 00, 00, 58, 05, 5A, 0B, 00, 00, 8B, 30, 03, F0, 2B, C0, 8B, FE, 66, AD, C1, E0, 0C, 8B, C8, 50, AD, 2B, C8, 03, F1, 8B, C8, 57, 51, 49, 8A, 44, 39, 06, 88, 04, 31, 75, F6, 2B, C0, AC, 8B, C8, 80, E1, F0, 24, 0F, C1, E1, 0C, 8A, E8, AC, 0B, C8, 51, 02, CD, BD, 00, FD, FF, FF, D3, E5, 59, 58, 8B, DC, 8D, A4, 6C, 90, F1, FF, FF, 51, 2B, C9, 51, 51, 8B, CC, 51, 66, 8B, 17, C1, E2, 0C, 52, 57, 83, C1, 04, 51, 50, 83, C1, 04, 56, 51, E8, 5E, 00, 00, 00, 8B, E3, 5E, 5A, 2B, C0, 89, 04, 32, B4, 10...

Entropy:
7.9042

Packer / compiler:
ASPack v1.08.04

Code size:
144.5 KB (147,968 bytes)

The file setup.exe has been seen being distributed by the following URL.
