setup.exe

Setup

ViD PLaY

The application setup.exe by ViD PLaY has been detected as adware by 27 anti-malware scanners. It is a setup and installation application that has been known to bundle potentially unwanted software. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. The file has been seen being downloaded from get.down3245.info.
Publisher:
ViD PLaY  (signed and verified)

Product:
Setup

Version:
1.9.3.0

MD5:
607e8e5a4b3626530ee8878dee3303d2

SHA-1:
821a97a4e54520b69631cc544902c91d009efcb1

SHA-256:
bdf358f8380c7f86eb8a8649ed2132a2c56aa3c9a9fd4385f17dfbc721f87132

Scanner detections:
27 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/27/2024 4:42:30 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Dropped:Trojan.Generic.13092241 | 5769277 |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| avast! | OutBrowse-IJ [PUP] | 150319-1 |
| AVG | Adware AdPlugin.CUA | 2014.0.4311 |
| Bitdefender | Dropped:Trojan.Generic.13092241 | 1.0.20.595 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Trojan.OutBrowse.215 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Dropped:Trojan.Generic.13092241 | 9.0.0.4799 |
| ESET NOD32 | Win32/OutBrowse.BU potentially unwanted | 9.11552 |
| Fortinet FortiGate | Riskware/OutBrowse | 4/29/2015 |
| F-Prot | W32/OutBrowse.I (exact, not disinfectable) | 4.6.5.141 |
| F-Secure | Trojan.Generic.13092241 | 11.2015-29-04_4 |
| G Data | Dropped:Trojan.Generic.13092241 | 15.4.25 |
| IKARUS anti.virus | not-a-virus:AdWare.OutBrowse | t3scan.1.8.9.0 |
| K7 AntiVirus | Unwanted-Program | 13.203.15747 |
| Kaspersky | not-a-virus:AdWare.Win32.OutBrowse | 15.0.0.543 |
| McAfee | Program.Adware-OutBrowse.e | 16.8.708.2 |
| MicroWorld eScan | Dropped:Trojan.Generic.13092241 | 16.0.0.357 |
| NANO AntiVirus | Trojan.Win32.Generic.dorbni | 0.30.24.1357 |
| Panda Antivirus | Generic Suspicious | 15.04.29.03 |
| Quick Heal | Adware.NSIS.OutBrowse.A | 4.15.14.00 |
| Reason Heuristics | Threat.Outbrowse.Installer.Outborwse | 15.4.29.10 |
| SUPERAntiSpyware | Adware.OutBrowse/Variant | 9906 |
| Trend Micro House Call | TROJ_GE.9F34CC6E | 7.2.119 |
| Trend Micro | TROJ_GE.9F34CC6E | 10.465.29 |
| Vba32 AntiVirus | Adware.Outbrowse | 3.12.26.3 |
| VIPRE Antivirus | Threat.5085447 | 39486 |

File size:
1.1 MB (1,152,088 bytes)

Product version:
1.9.3.0

Copyright:
Setup

Original file name:
Ionic.Zip-2015Mar15-164618-53ddc8db-e84b-4e0e-a5d4-1aa348a8dc39.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
3/10/2015 1:00:00 AM

Valid to:
12/18/2015 12:59:59 AM

Subject:
CN=ViD PLaY, O=ViD PLaY, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6559B30CB367EA0752AFDD3F7ACAAD29

File PE Metadata
Compilation timestamp:
3/15/2015 5:46:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:VbSaE4mvt/955a99YsRJczn0uUb209UJMZB0i:VbSv4mvv5M9fO4u62bJkKi

Entry address:
0x75F3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
464 KB (475,136 bytes)

The file setup.exe has been seen being distributed by the following URL.
