setup.exe

Long Mile Solutions, LLC

During installation, the software displays additional offers (such as adware), including a browser toolbar/extension and advertising injection software (part of the Injekt brand). The application setup.exe by Long Mile Solutions has been detected as adware by 9 anti-malware scanners. The program is a setup application built with the Nullsoft Scriptable Install System installer. It is typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from dl.spyalertapp.com.
Publisher:
Long Mile Solutions, LLC  (signed and verified)

MD5:
a6085d632ab1841f13efa22f02f5e0eb

SHA-1:
86984d2ee0733c5aacd9b7a76278e1d505e66fe2

SHA-256:
c5defc6ed69e588cc2ae6a227d7ee5bcfc052539a58d5137909de202f5a99509

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads into the web browser, and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
11/30/2024 11:29:23 AM UTC

Scan engine               Detection                               Engine version
avast!                    JS:BHO-O [PUP]                          2014.9-140214
Bkav FE                   W32.Clodb6c.Trojan                      1.3.0.4562
ESET NOD32                Win32/ExFriendAlert (variant)           8.9050
Malwarebytes              PUP.Optional.ExfriendAlert              v2014.02.14.01
McAfee                    Artemis!A6085D632AB1                    5600.7219
Reason Heuristics         PUP.Installer.LongMileSolutions.F       14.8.8.0
Trend Micro House Call    TROJ_GEN.F47V1026                       7.2.45
Vba32 AntiVirus           suspected of Trojan.Downloader.gen.h    3.12.24.3
VIPRE Antivirus           Trojan.Win32.Generic!SB.0               23380

File size:
3.5 MB (3,637,376 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/25/2013 8:00:00 PM

Valid to:
4/26/2014 7:59:59 PM

Subject:
CN="Long Mile Solutions, LLC", O="Long Mile Solutions, LLC", STREET=640 GRAND AVE STE E, L=CARLSBAD, S=CA, PostalCode=92008, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
53B89B8046F82D87A2C562F3D007CB45

File PE Metadata
Compilation timestamp:
6/6/2009 5:41:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:w08arUuDte7R84amTlV2AdllrEiUKeeVazzV+8QlZ0:w08a4uDM7uor2ArlrELKDVa3g0

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9527  (probably packed)

Code size:
23.5 KB (24,064 bytes)

The file setup.exe has been seen being distributed by the following URL.
