setup.exe

MusicRemote

Mindad media Ltd.

The application setup.exe by Mindad media has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.default-page.com and multiple other hosts.
Publisher:
MindAd  (signed by Mindad media Ltd.)

Product:
MusicRemote

Version:
1.0

MD5:
709b3295d732b83a0c81abd3d3d2d66b

SHA-1:
51262be59a9093e279d64bb06ec5f08d605def17

SHA-256:
f07d704a93d78566e6d6522ac8a482b04ec5810298b402be4a667cb10c17c253

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Analysis date:
12/25/2024 12:55:53 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.OutBrowse | 7.1.1
AVG | Skodna.Downloader | 2015.0.3576
Bkav FE | W32.Clod8ba.Trojan | 1.3.0.4923
Dr.Web | Adware.Downware.1676 | 9.0.1.033
ESET NOD32 | Win32/OutBrowse (variant) | 8.9357
Fortinet FortiGate | Riskware/OutBrowse | 4/12/2014
K7 AntiVirus | Unwanted-Program | 13.175.11015
Malwarebytes | PUP.Optional.OutBrowse | v2014.02.02.12
Reason Heuristics | PUP.Installer.Mindadmedia.F | 14.8.7.21
Sophos | DomainIQ pay-per install | 4.97
Trend Micro House Call | TROJ_GEN.F47V1013 | 7.2.33
VIPRE Antivirus | OutBrowse | 25962

File size:
600.1 KB (614,520 bytes)

Copyright:
© MindAd

Trademarks:
MusicRemote

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/5/2013 4:30:00 AM

Valid to:
8/6/2014 4:29:59 AM

Subject:
CN=Mindad media Ltd., O=Mindad media Ltd., STREET=hamenofim 9, STREET=herzeliya, L=herzeliya, S=herzeliya, PostalCode=46725, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0E7140EE5347CFF2FBDBE59A34386099

File PE Metadata
Compilation timestamp:
12/6/2009 2:20:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:t0NVA0xqRzfENG8tB4nC26iSmK62I2hn4GTuqjHJm:tOVx6c7tB4nC26FmP2ISRXtm

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9772

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file setup.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 251 download URLs
