setup.exe

Long Mile Solutions, LLC

The software will display additional offers (such as adware) during installation, including a browser toolbar/extension as well as advertising injection software (part of the Injekt brand). The application setup.exe by Long Mile Solutions has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from dl.recordcheckerapp.com.
Publisher:
Long Mile Solutions, LLC  (signed and verified)

MD5:
36044c3b50f8672600ccae89d525899e

SHA-1:
661d10604cd1c4b9362685dc0015630f3ea89674

SHA-256:
38c15e9c550219e947fff87c86c3236b8a7be9ba4e2c6c9e5c8de175db84e339

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser, and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
12/26/2024 12:25:04 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.ExFriendAlert | 2015.03.15 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.217.66 |
| avast! | Win32:BHO-AMO [PUP] | 2014.9-150314 |
| Dr.Web | Adware.Plugin.128 | 9.0.1.05190 |
| ESET NOD32 | multiple threats | 7.0.302.0 |
| IKARUS anti.virus | PUA.ExFriendAlert | t3scan.1.8.6.0 |
| K7 AntiVirus | Trojan | 13.200.15262 |
| Malwarebytes | PUP.Optional.RecordChecker.A | v2015.03.14.09 |
| NANO AntiVirus | Trojan.Win32.ExFriendAlert.deioie | 0.30.0.296 |
| Reason Heuristics | PUP.Installer.Injekt | 15.3.14.9 |
| Sophos | PUA 'Record Checker' (of type Adware) | 5.12 |
| Trend Micro House Call | Suspici.F4CBE3E4 | 7.2.73 |
| VIPRE Antivirus | Threat.4784449 | 38050 |

File size:
3.3 MB (3,456,296 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/26/2013 1:00:00 AM

Valid to:
4/27/2014 12:59:59 AM

Subject:
CN="Long Mile Solutions, LLC", O="Long Mile Solutions, LLC", STREET=640 GRAND AVE STE E, L=CARLSBAD, S=CA, PostalCode=92008, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
53B89B8046F82D87A2C562F3D007CB45

File PE Metadata
Compilation timestamp:
6/6/2009 10:41:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:5HXd2IQ9i0o9KOnT4VCdllrEieH6TPojfy+VO:5bQ9o9bTZrlrEH6cja+o

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9896

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file setup.exe has been seen being distributed by the following URL.
