setup.exe

Ignition Installer

This is the Verti bundle installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by Ignition Installer has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the Verti Setup installer. The file has been seen being downloaded from vtgtrk.com.
Publisher:
Ignition Installer  (signed and verified)

Version:
1.0.6.142

MD5:
38de552ffdf17ceae216b57586c55f86

SHA-1:
5cbfe1efe7ff24dc0161caf5100fa96741ddee8a

SHA-256:
8391751e8a4b99d0573e87b454510e35afe9b0bc6eaaba4de799bca8ad406769

Scanner detections:
8 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/5/2024 2:46:35 AM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.OptimumInstaller | 2015.03.25
avast! | Win32:Adware-gen [Adw] | 2014.9-150515
Dr.Web | Adware.Downware.9970 | 9.0.1.0135
ESET NOD32 | Win32/Verti.J potentially unwanted (variant) | 9.11372
NANO AntiVirus | Riskware.Win32.Verti.dmncmr | 0.30.8.659
Reason Heuristics | Threat.Installer.IgnitionInstaller | 15.5.14.22
Vba32 AntiVirus | AdWare.Verti | 3.12.26.3
VIPRE Antivirus | Ignition Installer | 38742

File size:
249.3 KB (255,240 bytes)

Product version:
1.0.6.142

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Verti Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
3/16/2015 6:00:00 PM

Valid to:
4/15/2016 5:59:59 PM

Subject:
CN=Ignition Installer, O=Ignition Installer, L=Bellevue, S=Washington, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
4AD02B79DCF38F3E9774567F4C94AC58

File PE Metadata
Compilation timestamp:
3/13/2015 4:11:52 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:pIz/iSKI3ciBKjY1UbMDO30D5XTtN/eR+wovDxSpJw6VuKuPljT9SLoSNw:NSRcikjpbAc0DZTt9tDEQ1K6ln9woSNw

Entry address:
0x169770

Entry point:
60, BE, 00, 00, 53, 00, 8D, BE, 00, 10, ED, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 55, 79, 16, 00, 57, 83, C3, 04, 53, 68, 6C, 97, 03, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 

Entropy:
7.9744  (probably packed)

Code size:
236 KB (241,664 bytes)

The file setup.exe has been seen being distributed by the following URL.
