» Setup.exe
Overview
Analysis
File Details

Setup.exe

Internet

OOO Next Point

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The file Setup.exe, “Internet Setup ” by OOO Next Point has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. This downloadble file is typically blocked through Google's Safe Browsing technology in Chrome web browser.

File name:

Setup.exe

Publisher:

Generic (signed by OOO Next Point)

Product:

Internet

Description:

Internet Setup

MD5:

b404354a1f8327c06b0523b1458f45d0

SHA-1:

8abfc31e72050ba9c5ffb6271dd5c30554c95117

SHA-256:

c186be97f9a95b6390fc8eb16652bbb784c261ca53d08ccd23c3c1f1068f8ac7

Scanner detections:

6 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

11/23/2024 7:51:41 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Malware-gen

150521-0

Comodo Security

Application.Win32.InstallCore.DFE

22212

Dr.Web

Trojan.InstallCore.534

9.0.1.05190

ESET NOD32

Win32/InstallCore.ZC potentially unwanted application

7.0.302.0

Reason Heuristics

PUP.installCore.Installer

15.5.22.14

VIPRE Antivirus

Threat.4150696

40432

File size:

808.5 KB (827,936 bytes)

Product version:

5.3.3

Internet

Bundler/Installer:

installCore (using Inno Setup)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\setup.exe

Digital Signature

Signed by:

OOO Next Point

Authority:

COMODO CA Limited

Valid from:

3/23/2015 6:00:00 PM

Valid to:

3/23/2016 5:59:59 PM

Subject:

CN=OOO Next Point, OU=OOO Next Point, O=OOO Next Point, STREET=Prospekt Leninskii 95, L=Moscow, S=Moscow, PostalCode=119313, C=RU

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

347CF1F72926F17F233ABEB3001C4438

File PE Metadata

Compilation timestamp:

6/19/1992 4:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:h3TGtYS7097j8s6zFHtkoGKRXMWzETdUZXMch/9hWT5SB50fZNF7GeuNkkYWfvPD:h3TnIYURN306MG9hWgB5oN79uNf6ri

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Entropy:

7.8254

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

Remove Setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.