Setup.exe

vId play

The file Setup.exe by vId play has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser.
Publisher:
vId play  (signed and verified)

MD5:
4d51d045414eefb27054edd3c131666e

SHA-1:
8764c959ac34e2073c37311adc27d99315dc07f3

SHA-256:
53d0515e00efecda400bd7c44e21923b9a6e2fece0661df5318884b568ec9435

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/6/2024 11:38:39 AM UTC  (today)

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.02.03
Avira AntiVirus | APPL/Downloader.Gen | 7.11.206.144
AVG | Downloader | 2016.0.3102
Baidu Antivirus | PUA.Win32.OutBrowse | 4.0.3.15521
Dr.Web | Trojan.OutBrowse.88 | 9.0.1.0141
ESET NOD32 | Win32/OutBrowse.BS potentially unwanted (variant) | 9.11112
Fortinet FortiGate | Riskware/OutBrowse | 5/21/2015
K7 AntiVirus | DoS-Trojan | 13.193.14838
Malwarebytes | PUP.Optional.OutBrowse.gen | v2015.05.21.11
McAfee | Artemis!4D51D045414E | 5600.6758
Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.Outbrowse.Installer.Outborwse | 15.5.21.23
Sophos | Generic PUA IH | 4.98
Trend Micro House Call | TROJ_GEN.R02SH06B115 | 7.2.141

File size:
582.4 KB (596,408 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
1/27/2015 7:00:00 PM

Valid to:
12/17/2015 6:59:59 PM

Subject:
CN=vId play, O=vId play, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
7EBEFABABE4FF6ED9A2375F072C4A7DD

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:QRxfoTqhek3+zRoh5Z8zA8dhY+WIfGObcwJP0cdDjY/XrT:QrDhRqRiozldWifGObc8822

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9705

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
