setup.exe

Installer

Stepitapp LLC

The application setup.exe by Stepitapp has been detected as adware by 11 anti-malware scanners. The file has been seen being downloaded from nym1.ib.adnxs.com and multiple other hosts. While running, it connects to the Internet address 7.182.222.162.bc.googleusercontent.com on port 80 using the HTTP protocol.
Publisher:
Stepitapp LLC (signed and verified)

Product:
Installer

Version:
1.0.0.0

MD5:
d2a55dbb13c5b5dee35a4ce2ac1f3462

SHA-1:
60a18ca3188d671a25a3557e4c042bfeb5ab80a0

SHA-256:
bce4b0be4c4525efd6c7e02b9db70f2da1cfdd7c59cddea1edca706326964937

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:
12/25/2024 4:52:42 PM UTC

Scan engine             Detection                             Engine version
avast!                  Win32:Dropper-gen [Drp]               2014.9-140731
Fortinet FortiGate      Riskware/Agent                        7/31/2014
G Data                  Win32.Trojan.Agent.4P134N             14.7.24
Kaspersky               not-a-virus:Downloader.Win32.Agent    14.0.0.3477
McAfee                  Artemis!D2A55DBB13C5                  5600.7052
Panda Antivirus         Trj/Chgt.A                            14.07.31.04
Qihoo 360 Security      Win32/Virus.Downloader.8e5            1.0.0.1015
Reason Heuristics       PUP.Installer.Stepitapp.F             14.7.31.16
Trend Micro House Call  Suspicious_GEN.F47V0628               7.2.212
Vba32 AntiVirus         Downloader.Agent                      3.12.26.3
VIPRE Antivirus         Conduit                               30978

File size:
395.4 KB (404,912 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
FinalInstaller.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/10/2013 6:00:00 PM

Valid to:
12/11/2014 5:59:59 PM

Subject:
CN=Stepitapp LLC, O=Stepitapp LLC, POBox=1252, STREET=9 W. 31st Street, L=Bayonne, S=New Jersey, PostalCode=07002, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EA7DEF51F4F715C2C81433CCD6B15766

File PE Metadata
Compilation timestamp:
6/14/2014 8:25:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:r8YewCKibqI59PpOPf201/z7pHmJI9ftR2lu2o7X:rrwKibqI59Pk2cb7pHmJ0ftR2llCX

Entry address:
0x60F1E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.1905

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
380 KB (389,120 bytes)

The file setup.exe has been seen being distributed by the following 19 URLs.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 7.182.222.162.bc.googleusercontent.com  (162.222.182.7:80)
