setup.exe

The application setup.exe has been detected as a potentially unwanted program by 35 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from dlp.cloudsvr310.com and multiple other hosts.
MD5:
2ff457209e03647e4b4f89864a31b629

SHA-1:
6648141c5c48cdad6c99acee9f9452689b3f71da

SHA-256:
f6a758df5e5fff5ad946ed8dabfd5083c1805f128b4ea9572dff45ac08741518

Scanner detections:
35 / 68

Status:
Potentially unwanted

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Analysis date:
11/25/2024 4:46:39 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Bundler.DomaIQ.Q | 6213306
Agnitum Outpost | PUA.DomaIQ | 7.1.1
AhnLab V3 Security | PUP/Win32.DomaIQ | 2014.12.16
Avira AntiVirus | TR/Trash.Gen | 7.11.30.172
avast! | Win32:DomaIQ-BF [PUP] | 141214-1
AVG | Adware Skodna.Bundle_r.S | 2015.0.3253
Bitdefender | Application.Bundler.DomaIQ.Q | 1.0.20.1780
Clam AntiVirus | Win.Trojan.Domaiq-11 | 0.98/19786
Comodo Security | Application.Win32.DomaIQ.KKL | 20383
Dr.Web | Trojan.DownLoad3.31551 | 9.0.1.0356
Emsisoft Anti-Malware | Application.Bundler.DomaIQ.Q | 9.0.0.4668
ESET NOD32 | Win32/DomaIQ.AZ (variant) | 8.10883
Fortinet FortiGate | Adware/DomaIQ | 12/22/2014
F-Prot | W32/DomaIQ.E.gen | v6.4.7.1.166
F-Secure | Riskware.Application.Bundler.DomaIQ | 5.13.68
G Data | Application.Bundler.DomaIQ | 14.12.24
IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.8.5.0
K7 AntiVirus | Trojan | 13.187.14339
Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 14.0.0.2758
Malwarebytes | PUP.Optional.DomaIQ | v2014.12.22.11
McAfee | Program.CryptDomaIQ | 5600.6909
Microsoft Security Essentials | Threat.Undefined | 1.189.2207.0
MicroWorld eScan | Application.Bundler.DomaIQ.Q | 15.0.0.1068
NANO AntiVirus | Trojan.Win32.DomaIQ.cssxal | 0.28.6.64267
Norman | Application.Bundler.DomaIQ.Q | 04.12.2014 14:30:06
nProtect | Trojan-Clicker/W32.Agent.330920 | 14.12.15.01
Panda Antivirus | Trj/Genetic.gen | 14.12.22.11
Quick Heal | Adware.DomaIQ.BT5 | 12.14.14.00
Reason Heuristics | Threat.Win.Reputation.IMP | 14.12.22.11
Rising Antivirus | PE:Adware.Graftor!6.14B6 | 23.00.65.141220
Sophos | PUA 'DomainIQ pay-per install' | 5.09
SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10162
Vba32 AntiVirus | BScope.Downware.DomaIQ | 3.12.26.3
VIPRE Antivirus | Threat.4150696 | 35418
Zillya! Antivirus | Adware.DomaIQ.Win32.83 | 2.0.0.2007

File size:
323.2 KB (330,944 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
1/23/2014 10:53:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:prl8sf608N/cz9GD0mOh3Jhh9Ha24+7YC:tl8sC08N89StOh4+5

Entry address:
0x1BBB

Entry point:
E8, 37, 27, 00, 00, E9, 7F, FE, FF, FF, A1, D8, 0D, 41, 00, 56, 6A, 14, 5E, 85, C0, 75, 07, B8, 00, 02, 00, 00, EB, 06, 3B, C6, 7D, 07, 8B, C6, A3, D8, 0D, 41, 00, 6A, 04, 50, E8, C7, 2F, 00, 00, 59, 59, A3, D4, 0D, 41, 00, 85, C0, 75, 1E, 6A, 04, 56, 89, 35, D8, 0D, 41, 00, E8, AE, 2F, 00, 00, 59, 59, A3, D4, 0D, 41, 00, 85, C0, 75, 05, 6A, 1A, 58, 5E, C3, 33, D2, B9, 08, F0, 40, 00, 89, 0C, 02, 83, C1, 20, 8D, 52, 04, 81, F9, 88, F2, 40, 00, 7D, 07, A1, D4, 0D, 41, 00, EB, E8, 33, C0, 5E, C3, E8, D8, 2C...
 

Entropy:
5.8534

Code size:
33 KB (33,792 bytes)

The file setup.exe has been seen being distributed by the following 2 URLs.
