setup.exe

SVAN TRANS LLC

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The file setup.exe by SVAN TRANS has been detected as adware by 16 anti-malware scanners. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from yourfreedownloadsnow.com and multiple other hosts. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.
Publisher:
SVAN TRANS LLC  (signed and verified)

Version:
1.1.5.26

MD5:
8a25d9d2f8266ae49a5f9b8e23915386

SHA-1:
89bf7020e7ab46a560001aabf4db36a0bc8e80d8

SHA-256:
82341b61c82b94013817f2d2d82cbc53cf2c11e3e68418f4d396f536ca496b0e

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
11/5/2024 2:36:55 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Strictor.68509
796

AhnLab V3 Security
PUP/Win32.Amonetiz
2014.11.30

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.189.146

avast!
Win32:Amonetize-GN [PUP]
2014.9-141130

Bitdefender
Gen:Variant.Adware.Strictor.68509
1.0.20.1670

Dr.Web
Trojan.Amonetize.134
9.0.1.0334

Emsisoft Anti-Malware
Gen:Variant.Adware.Strictor.68509
8.14.11.30.03

ESET NOD32
Win32/Amonetize.BP (variant)
8.10802

F-Secure
Gen:Variant.Adware.Strictor.68509
11.2014-30-11_1

G Data
Gen:Variant.Adware.Strictor.68509
14.11.24

MicroWorld eScan
Gen:Variant.Adware.Strictor.68509
15.0.0.1002

NANO AntiVirus
Riskware.Win32.Amonetize.djmhrz
0.28.6.63726

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Reason Heuristics
Threat.Win.Reputation.IMP
14.11.30.15

Sophos
Generic PUA IJ
4.98

Trend Micro House Call
Suspicious_GEN.F47V1129
7.2.334

File size:
410.2 KB (420,040 bytes)

Product version:
1.1.5.26

Original file name:
setup.exe

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\710c.tmp

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/23/2014 9:00:00 PM

Valid to:
10/24/2015 8:59:59 PM

Subject:
CN=SVAN TRANS LLC, O=SVAN TRANS LLC, L=Kyiv, S=Kyiv, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3C6E398047F45804FB263D9CD86EF926

File PE Metadata
Compilation timestamp:
11/29/2014 3:02:39 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:113B6ODAS8g4baJQVhMptNRBmcQmlvZzd976gCyJY5+OyMBAPM+6:13ig4baJQAjTv1dB6DAY5pmMx

Entry address:
0x25F04

Entry point:
E8, 2E, AC, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, E0, 09, 45, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 6C, F0, 43, 00, 33, C0, 39, 5D, 28, 53, 53, FF, 75, 18, 0F, 95, C0, FF, 75, 14, 8D, 04, C5, 01, 00, 00, 00, 50, FF, 75, 24, FF, D6, 8B, F8, 89...
 
[+]

Code size:
244.5 KB (250,368 bytes)

The file setup.exe has been seen being distributed by the following 2 URLs.

Remove setup.exe - Powered by Reason Core Security