setup.exe

TOV Okhtyrka Myasoprodukt

The application setup.exe by TOV Okhtyrka Myasoprodukt has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from 7769domain.com.
Publisher:
TOV Okhtyrka Myasoprodukt  (signed and verified)

MD5:
ab92c496b4cba9bc0fac39978758ff5a

SHA-1:
7d779dd51149735e679fe4feecf4870cd4747346

SHA-256:
c839644e7ca679753cd4a8d04de967ede21485e49cbbcfd5a6253c4ff3ac71a6

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/25/2024 4:34:54 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:OutBrowse-FF [PUP] | 160327-1
Dr.Web | Trojan.OutBrowse.109 | 9.0.1.05190
Emsisoft Anti-Malware | MemScan:Application.Bundler.Outbrowse.AN | 11.5.0.6191
ESET NOD32 | Win32/OutBrowse.BQ potentially unwanted application | 7.0.302.0
Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 15.0.0.562
McAfee | Program.Adware-OutBrowse.e | 18.0.204.0
Norman | MemScan:Application.Bundler.Outbrowse.AN | 10.04.2016 15:29:17
Reason Heuristics | PUP.OutBrowse (M) | 16.5.1.9

File size:
581.2 KB (595,104 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
12/28/2014 6:00:00 PM

Valid to:
12/29/2015 5:59:59 PM

Subject:
CN=TOV Okhtyrka Myasoprodukt, O=TOV Okhtyrka Myasoprodukt, L=Selo Mala Pavlіvka, S=Ukraine, C=UA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
55B556962C4B665C8190102F859B279E

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:2nNSlXT4E/nKAxiYPI1datPc60Wql28S4Y8wgp117YgSlzWN0T:2oB4q4FMS6xql1pw61sgSlzW2

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9745

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file setup.exe has been seen being distributed by the following URL.
