setup.exe

App secure LLC

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by App secure has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from admin.magnotstop.com.
Publisher:
App secure LLC  (signed and verified)

MD5:
143aa83a9defbbedbd61c38b86d8ecc8

SHA-1:
5b5fa9631e66b172090e7dbe83d0fa8761a17228

SHA-256:
e174351a04a48748e32f796e817c50c28340c59b591a7e4dacca794efba34458

Scanner detections:
9 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 2:01:11 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Crypt.XPACK.Gen
8.3.1.6

Dr.Web
Trojan.Domaiq.196
9.0.1.0180

Emsisoft Anti-Malware
Gen:Variant.Application.Graftor.182456
8.15.06.29.03

ESET NOD32
Win32/SoftPulse.AH potentially unwanted application
9.7.0.302.0

F-Secure
Riskware.Gen:Variant.Application.Graftor
11.2015-29-06_2

Kaspersky
not-a-virus:Downloader.Win32.DriverUpd
14.0.0.1814

Norman
Gen:Variant.Application.Graftor.182456
11.20150629

Reason Heuristics
PUP.Softpulse.Appsecure.Bundler (M)
15.6.26.10

Sophos
PUA 'SoftPulse' (of type Adware)
5.15

File size:
667.2 KB (683,256 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/17/2014 5:30:00 AM

Valid to:
12/18/2015 5:29:59 AM

Subject:
CN=App secure LLC, O=App secure LLC, L=Wilmington, S=Delaware, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5D0A1845D85007CD040B350F48C5F721

File PE Metadata
Compilation timestamp:
6/22/2015 2:54:55 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:fuICix5biGGkpfJaQRLWpxeTMb3LGr3t0aX/pShgQwM7TwXwodf3nuE:fJCKVkQR0eTMb3LGr3lXIhxwiUwcfnuE

Entry address:
0x1BDDE0

Entry point:
60, BE, 00, 20, 52, 00, 8D, BE, 00, F0, ED, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Entropy:
7.8521

Packer / compiler:
UPX 2.90LZMA

Code size:
624 KB (638,976 bytes)

The file setup.exe has been seen being distributed by the following URL.

Remove setup.exe - Powered by Reason Core Security