setup.exe

SafeGuardSetup.exe

Alerts LLC

Part of an adware web browser extension that delivers advertisements such as coupons, price comparisons, display media, affiliate links, banners, popups/popunders and other links. The executable setup.exe by Alerts is known as a potentially unwanted program and has been detected by 2 anti-malware scanners. It is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer and is typically executed from the user's temporary directory. The file has been seen being downloaded from s.allfreesoft.net and multiple other hosts.
Publisher:
Alerts LLC  (signed and verified)

Product:
SafeGuardSetup.exe

Version:
1.0.0.17

MD5:
167992918ba57601adb49e8b6e9638f8

SHA-1:
5cad2c94462d730a0465f776041c93a3e0e28553

SHA-256:
b3c4e49ac02c726b04da07655c0156d2d8a7609457471683a22ee0224c2f074d

Scanner detections:
2 / 68

Status:
Inconclusive but possibly unwanted  (There is not enough data for a 100% detection)

Analysis date:
11/23/2024 8:12:59 AM UTC

Scan engine | Detection | Engine version
Trend Micro House Call | Suspicious_GEN.F47V0324 | 7.2.91
VIPRE Antivirus | Rocketfuel Installer | 38976

File size:
128.6 KB (131,728 bytes)

Product version:
1.0.0.17

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/5/2014 10:00:00 AM

Valid to:
6/6/2015 9:59:59 AM

Subject:
CN=Alerts LLC, O=Alerts LLC, STREET="101 Colorado St #2309", L=Austin, S=TX, PostalCode=78701, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A4FE74573C3AAF1867F4DF866A77B161

File PE Metadata
Compilation timestamp:
12/6/2009 9:52:06 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:HuxkZuTXJul+Qf7PfGGFzrxlPUBBh0PEevFS4tA:HSQEQzPOq7PUB7cE4w4e

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.5460

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file setup.exe has been seen being distributed by the following 2 URLs.
