setup.exe

File Setup LLC

This is the Softpulse installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by File Setup has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from ttb.1btvoy0pn.com.

Publisher:
File Setup LLC (signed and verified)

MD5:
b5d928d28d66f9547e108dd3e1779f27

SHA-1:
618ed19d7663cf14daae0ead9ccb62c7d041d621

SHA-256:
345746318a83cd9c9159e47fdae956ad33172c583d312c582cc031b7a5cc08eb

Scanner detections:
13 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/23/2024 11:41:27 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.SoftPulse | 2015.04.22 |
| Avira AntiVirus | PUA/Softpulse.Gen | 3.6.1.96 |
| avast! | Win32:SoftPulse-GK [PUP] | 2014.9-150422 |
| AVG | Generic | 2016.0.3131 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Trojan.Domaiq.175 | 9.0.1.0112 |
| ESET NOD32 | Win32/SoftPulse.AC potentially unwanted application | 7.0.302.0 |
| NANO AntiVirus | Trojan.Win32.Domaiq.dpqzmd | 0.30.20.1219 |
| Panda Antivirus | Trj/Genetic.gen | 15.04.22.12 |
| Reason Heuristics | Threat.Softpulse.Bundler | 15.4.22.8 |
| VIPRE Antivirus | Threat.4150696 | 39354 |

File size:
606.6 KB (621,208 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
12/16/2014 7:00:00 PM

Valid to:
12/17/2015 6:59:59 PM

Subject:
CN=File Setup LLC, O=File Setup LLC, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
425AE115F148D1124BA864570081A9B7

File PE Metadata
Compilation timestamp:
3/13/2015 7:13:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:+VGpNI11FTfkpqkIKmtNDl/QalfelrRu9wEhrUfg/WPZ39oRi:+VGpG5DIsKm7D6alyRuKWUfg/6p9Z

Entry address:
0x1000

Entry point:
B8, 24, 19, 5D, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, C5, 50, 8D, 45, F4, 64, A3, 00, 6A, 14, E8, B5, 07, EA, FB, 83, C4, 04, 89, 45, EC, C7, 45, FC, 00, D9, 61, 16, F0, 83, 7D, EC, 00, 74, 1A, 00, E9, 62, 39, 40, E8, 50, 6A, 08, 8B, 4D, 02, 72, B1, 59, EC, 05, 0B, E4, EB, 07, 74, 32, 17, D9, E4, 81, E5, BC, C0, E4, 89, 4D, F0, FF, C3, B4, 3C, 0B, 8B, 45, F0, 89, 0D, 1D, FE, 27, C0, 00, 59, 8B, E5, 5D, C3, CC, 7B, 25, 7F...
 

Entropy:
7.8833

Packer / compiler:
PECompact v2

Code size:
1.2 MB (1,253,888 bytes)

The file setup.exe has been seen being distributed by the following URL.
