setup.exe

Ignition Installer

This is the Verti bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by Ignition Installer has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the Verti Setup installer. The file has been seen being downloaded from vtgtrk.com.
Publisher:
Ignition Installer  (signed and verified)

Version:
1.0.6.142

MD5:
38de552ffdf17ceae216b57586c55f86

SHA-1:
5cbfe1efe7ff24dc0161caf5100fa96741ddee8a

SHA-256:
8391751e8a4b99d0573e87b454510e35afe9b0bc6eaaba4de799bca8ad406769

Scanner detections:
8 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/25/2024 12:26:44 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.OptimumInstaller
2015.03.25

avast!
Win32:Adware-gen [Adw]
2014.9-150515

Dr.Web
Adware.Downware.9970
9.0.1.0135

ESET NOD32
Win32/Verti.J potentially unwanted (variant)
9.11372

NANO AntiVirus
Riskware.Win32.Verti.dmncmr
0.30.8.659

Reason Heuristics
Threat.Installer.IgnitionInstaller
15.5.14.22

Vba32 AntiVirus
AdWare.Verti
3.12.26.3

VIPRE Antivirus
Ignition Installer
38742

File size:
249.3 KB (255,240 bytes)

Product version:
1.0.6.142

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Verti Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
3/16/2015 6:00:00 PM

Valid to:
4/15/2016 5:59:59 PM

Subject:
CN=Ignition Installer, O=Ignition Installer, L=Bellevue, S=Washington, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
4AD02B79DCF38F3E9774567F4C94AC58

File PE Metadata
Compilation timestamp:
3/13/2015 4:11:52 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:pIz/iSKI3ciBKjY1UbMDO30D5XTtN/eR+wovDxSpJw6VuKuPljT9SLoSNw:NSRcikjpbAc0DZTt9tDEQ1K6ln9woSNw

Entry address:
0x169770

Entry point:
60, BE, 00, 00, 53, 00, 8D, BE, 00, 10, ED, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 55, 79, 16, 00, 57, 83, C3, 04, 53, 68, 6C, 97, 03, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Entropy:
7.9744  (probably packed)

Code size:
236 KB (241,664 bytes)

The file setup.exe has been seen being distributed by the following URL.

Remove setup.exe - Powered by Reason Core Security