setup.exe

INSTALL DOT EXE

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application setup.exe, “Premium Installer ” by INSTALL DOT EXE has been detected as adware by 27 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. While running, it connects to the Internet address server-54-230-53-207.jfk6.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Premium Installer   (signed by INSTALL DOT EXE)

Product:
Premium Installer

Description:
Premium Installer

Version:
2.4.8.1

MD5:
f46aa3b888bfdae5f933ce03cdb5875b

SHA-1:
8bcecc75e885a1670c1a7f4d28e4ca6f888bddec

SHA-256:
0cf5e8b1a0e26a4074cdf5b7c0081c7a62934a126b20ec316fe4d1ed7b7dd441

Scanner detections:
27 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/25/2024 4:52:44 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Agent
7.1.1

AhnLab V3 Security
14.05.01

Avira AntiVirus
Adware/iBryte.A.4581
7.11.138.218

avast!
Win32:PUP-gen [PUP]
2014.9-140501

AVG
Skodna.Generic
2015.0.3488

Comodo Security
TrojWare.Win32.IBryte.S
17991

Dr.Web
Adware.Downware.2203
9.0.1.0121

ESET NOD32
Win32/AdWare.iBryte
8.9592

F-Secure
Gen:Variant.Application.Bundler
11.2014-08-08_6

G Data
Win32.Adware.Ibryte
14.5.24

K7 AntiVirus
Adware
13.176.11595

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.3934

Malwarebytes
v2014.05.01.02

NANO AntiVirus
Trojan.Win32.Downware.cuifvl
0.28.0.58720

nProtect
Trojan/W32.Buzus.2627880
14.04.22.01

Panda Antivirus
Trj/Genetic.gen
14.08.08.03

Qihoo 360 Security
Malware.QVM10.Gen
1.0.0.1015

Reason Heuristics
PUP.Installer.INSTALLDOTEXE.F
14.8.8.3

Rising Antivirus
PE:Malware.iBryte!6.14B5
23.00.65.14429

Total Defense
Win32/Tnega.BYaFcbB
37.0.10973

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.24.3

VIPRE Antivirus
Optimum Installer
27734

Zillya! Antivirus
Trojan.Buzus.Win32.119940
2.0.0.1776

File size:
1.6 MB (1,663,784 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) 2013 Premium Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/3/2013 8:00:00 PM

Valid to:
9/20/2014 7:59:59 PM

Subject:
CN=INSTALL DOT EXE, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=INSTALL DOT EXE, L=Kansas City, S=Missouri, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4C8303B332693FCF64E1E7DFD7841493

File PE Metadata
Compilation timestamp:
1/16/2014 3:10:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:WEm5xov6t8YDzTn+s3+a5JQ1+x5jf6q/zPveHkry9iveHory9YER1sMviWTdbmDb:WEm5xKINPd3+a5JQ85/jEU1W1BGBd2G

Entry address:
0x36105

Entry point:
E8, 5E, 8C, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, D0, 4C, 47, 00, E8, C1, 35, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 58, 02, 59, 00, 77, 22, 6A, 04, E8, 61, 8E, 00, 00, 59, 83, 65, FC, 00, 56, E8, C3, 9B, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, CD, 35, 00, 00, C3, 6A, 04, E8, 44, 8D, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 83, 3D, B4, EE, 58, 00, 00, 75, 18, E8, 99, 81, 00, 00, 6A, 1E, E8, C1, 7F, 00, 00, 68, FF, 00, 00, 00, E8, D7, 4C, 00, 00, 59, 59, A1...
 
[+]

Entropy:
7.0959

Code size:
392 KB (401,408 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-55-34.jfk6.r.cloudfront.net  (54.230.55.34:80)

TCP (HTTP):
Connects to server-54-230-53-207.jfk6.r.cloudfront.net  (54.230.53.207:80)

Remove setup.exe - Powered by Reason Core Security