setup.exe

SETUP DOT EXE

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application setup.exe, “Premium Installer ” by SETUP DOT EXE has been detected as adware by 38 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.lpcloudbox400.com.
Publisher:
Premium Installer   (signed by SETUP DOT EXE)

Product:
Premium Installer

Description:
Premium Installer

Version:
2.4.8.1

MD5:
965e71cc1af1b05577b18d2886d39ac6

SHA-1:
82710f009c894d08b6e64d0ad99d43368cd329e8

SHA-256:
318283abef043f96e66784e39658d66e47bd745412d1a644313bdd6e00c08cc4

Scanner detections:
38 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
12/27/2024 4:09:16 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.Agent.B
423

Agnitum Outpost
PUA.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.OptimumInstaller
2014.05.22

Avira AntiVirus
ADWARE/Adware.Gen7
7.11.147.82

avast!
Win32:IBryte-CZ [PUP]
2014.9-151209

AVG
Adware AdPlugin
2016.0.2901

Baidu Antivirus
Adware.Win32.iBryte
4.0.3.15129

Bitdefender
Application.Bundler.Agent.B
1.0.20.1715

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.Ibryte-236
0.98/19305

Comodo Security
Application.Win32.iBryte.WRP
18248

Dr.Web
Trojan.Packed.26900
9.0.1.0343

Emsisoft Anti-Malware
Application.Bundler.Agent
8.15.12.09.11

ESET NOD32
Win32/AdWare.iBryte.AA application
9.7.0.302.0

Fortinet FortiGate
Riskware/Generic.AC.2238381
12/9/2015

F-Prot
W32/DomaIQ.G.gen
v6.4.7.1.166

F-Secure
Application.Bundler.Agent
11.2015-09-12_4

G Data
Win32.Adware.Ibryte
15.12.24

IKARUS anti.virus
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.177.12041

Kaspersky
not-a-virus:AdWare.Win32.iBryte
14.0.0.998

Malwarebytes
v2015.12.09.11

McAfee
GenericATG-FGI!AA091FF371C6
5600.6557

MicroWorld eScan
Application.Bundler.Agent.B
16.0.0.1029

NANO AntiVirus
Trojan.Win32.Badur.cxnsau
0.28.0.59826

Norman
Downloader
11.20151209

nProtect
Trojan-Clicker/W32.iBryte.250664
14.07.06.01

Panda Antivirus
Trj/Genetic.gen
15.12.09.11

Qihoo 360 Security
Malware.QVM10.Gen
1.0.0.1015

Quick Heal
Adware.iBryte.DK4
12.15.14.00

Reason Heuristics
PUP.Adknowledge.SETUPDOTEXE.Bundler (M)
15.12.9.11

Rising Antivirus
PE:Malware.iBryte!6.192B
23.00.65.151207

SUPERAntiSpyware
PUP.OptimumInstaller/Variant
9458

Total Defense
Win32/Tnega.XABfAXD
37.0.10836

Vba32 AntiVirus
3.12.26.0

VIPRE Antivirus
Trojan.Win32.Generic
28862

Zillya! Antivirus
Adware.iBryte.Win32.854
2.0.0.1790

File size:
212.3 KB (217,376 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) 2013 Premium Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/3/2013 8:00:00 PM

Valid to:
9/20/2014 7:59:59 PM

Subject:
CN=SETUP DOT EXE, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SETUP DOT EXE, L=Kansas City, S=Missouri, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
348784BF9B5AF7CB50276EA8463A9048

File PE Metadata
Compilation timestamp:
5/18/2014 9:00:10 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:LcY5PA4t708HYHsK1fR6MI5CWgYtJi4mlPWeWP59mpCn:N5o4ZXEhfRcxFmpCn

Entry address:
0xDCD7

Entry point:
E8, 30, 53, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 44, 62, 42, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 38, 60, 42, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63...
 
[+]

Entropy:
6.3745

Code size:
148 KB (151,552 bytes)

The file setup.exe has been seen being distributed by the following URL.

Remove setup.exe - Powered by Reason Core Security