setup.exe

Tomorrow Software Installer

Tomorrow Software

The application setup.exe, “Tomorrow Software Installer”, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Tomorrow Software Installer installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from mirror.fastmirror3.com.
Publisher:
Tomorrow Software

Product:
Tomorrow Software Installer

Description:
Tomorrow Software Installer

Version:
2.0.0.1

MD5:
d9df460817f48fe8d9e17f60c5cfea60

SHA-1:
5516e91048d3b7176a4237645216ec3220dfbfb3

SHA-256:
3af52d016f2384db26166607f1781790b96a4ca8256e64bb89d7c11a00ceb4f9

Scanner detections:
1 / 68

Status:
Potentially unwanted

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/26/2024 11:57:21 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.TomorrowSoftware.Installer.Installer.Meta (M)

Engine version:
16.5.17.5

File size:
909 KB (930,832 bytes)

Product version:
2.0.0.1

Copyright:
Copyright (C) 2015

Original file name:
tomorrow-setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Tomorrow Software Installer

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\setup.exe

File PE Metadata
Compilation timestamp:
6/25/2015 8:16:23 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:2WMLKmtvPyHu72twBtYaqkCYviUb5GlbOAHCnA/k4ND8:riKmHyOCtqt5pCdU8o4D8

Entry address:
0xC7A2

Entry point:
72, 05, 23, E8, 41, F6, D0, F6, DE, BE, E1, 09, B2, 94, 89, F3, 0F, C8, 81, FA, 92, 89, 00, 00, 68, 15, C2, EA, 00, 8A, C0, 78, 0C, 86, D8, 84, E3, 8B, FF, 69, D0, C2, 6B, 36, E8, E8, 22, 00, 00, 00, 84, C5, 40, EB, 06, 0F, CB, 08, DA, 3A, DE, 87, F2, 8D, 3B, 0F, BF, F5, 1A, F7, 8B, C7, 81, E2, 9B, 1B, C3, FB, 47, 2B, E8, 0F, AF, D3, 58, C7, C7, 38, 69, 51, 1A, 86, F2, 69, FE, 94, A9, BD, 5C, 03, EB, F6, DD, 0F, 6E, C8, 0F, 7E, C9, 0F, BE, C7, 69, F8, 11, 53, 8E, DA, 81, C1, 6E, 5A, 0D, 00, F6, DA, 81, E9...
 

Entropy:
7.9566  (probably packed)

Code size:
51.5 KB (52,736 bytes)

The file setup.exe has been seen being distributed by the following URL.
