setup.exe

Skunk Dog Media

The application setup.exe by Skunk Dog Media has been detected as adware by 33 anti-malware scanners. The program is a setup application that uses the Tomorrow Software Installer. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from files4.downloadmanager106.com.

Publisher:
Safeguarded Swift System Installer (signed by Skunk Dog Media)

Product:
Safeguarded Swift System Installer

Version:
60.6.6.1765

MD5:
40b851512984f4145ca44e8bafc7e0e8

SHA-1:
8de9339e488386a4d961c0a957a6d0287f369a26

SHA-256:
055ef20bcb25bfaf50bf9833ce0e29eafd7787dd3fc7e337f3286f942f098169

Scanner detections:
33 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/5/2024 6:28:58 PM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.15041089 | 360
Agnitum Outpost | Riskware.Agent | 7.1.1
AhnLab V3 Security | PUP/Win32.DownloadAdmin | 2015.10.06
Avira AntiVirus | PUA/DownloadAdmin.774912 | 8.3.2.2
avast! | Win32:PUP-gen [PUP] | 2014.9-160210
AVG | Downloader.Generic_r | 2017.0.2838
Bitdefender | Trojan.Generic.15041089 | 1.0.20.205
Bkav FE | W32.HfsAdware | 1.3.0.7237
Clam AntiVirus | Win.Trojan.Downloadadmin-133 | 0.98/21511
Comodo Security | UnclassifiedMalware | 23361
Dr.Web | Trojan.Vittalia.419 | 9.0.1.041
Emsisoft Anti-Malware | Trojan.Generic.15041089 | 8.16.02.10.01
ESET NOD32 | Win32/DownloadAdmin.N potentially unwanted (variant) | 10.12360
Fortinet FortiGate | Riskware/DownloadAdmin | 2/10/2016
F-Prot | W32/DownloAdmin.B.gen | v6.4.7.1.166
F-Secure | Trojan.Generic.15041089 | 11.2016-10-02_4
G Data | Trojan.Generic.15041089 | 16.2.25
IKARUS anti.virus | PUA.DownloadAdmin | t3scan.1.9.5.0
K7 AntiVirus | Unwanted-Program | 13.210.17432
Kaspersky | not-a-virus:Downloader.Win32.DownloAdmin | 14.0.0.685
Malwarebytes | PUP.Optional.DownLoadAdmin | v2016.02.10.01
McAfee | Artemis!F251B0FC9FAE | 5600.6494
Microsoft Security Essentials | Threat.Undefined | 1.207.757.0
MicroWorld eScan | Trojan.Generic.15041089 | 17.0.0.123
NANO AntiVirus | Trojan.Win32.DownloAdmin.dwzuvy | 0.30.26.3725
nProtect | Trojan.Generic.15041089 | 15.10.05.01
Panda Antivirus | Trj/CI.A | 16.02.10.01
Reason Heuristics | PUP.TomorrowSoftware.SkunkDogMedia.Bundler (M) | 16.2.10.1
Sophos | Generic PUA NN (PUA) | 4.98
Trend Micro | TROJ_GEN.R0EBC0PIK15 | 10.465.10
Vba32 AntiVirus | SScope.Downware.DownloadAdmin | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 44318
Zillya! Antivirus | Downloader.DownloAdmin.Win32.1680 | 2.0.0.2429

File size:
756.8 KB (774,936 bytes)

Product version:
60.6.6.1765

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Tomorrow Software Installer

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\setup.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
9/6/2015 1:23:40 AM

Valid to:
9/5/2016 9:47:46 PM

Subject:
CN=Skunk Dog Media, O=Skunk Dog Media, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
0090B94CB4414E99DA

File PE Metadata
Compilation timestamp:
10/13/2014 5:30:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:dL7we7DjtyOSAvAssUizeJbym7v+dr2lXPOaK5Ozvx1kgjBzK2I:Oe7DjtyOSQAsjizebbS6l/O+zvxHjLI

Entry address:
0x1EFBE0

Entry point:
60, BE, 00, 60, 53, 00, 8D, BE, 00, B0, EC, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Entropy:
7.9232

Packer / compiler:
UPX 2.90LZMA

Code size:
744 KB (761,856 bytes)

The file setup.exe has been seen being distributed by the following URL.
