Setup.exe

Software

OOO ADVERT-M

The installer uses the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The file Setup.exe, “Software Setup” by OOO ADVERT-M, has been detected as adware by 5 anti-malware scanners. The program is a setup application built on the InstallCore engine, and the bundled offers may include toolbars and browser extensions. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser.
Publisher:
Program   (signed by OOO ADVERT-M)

Product:
Software

Description:
Software Setup

MD5:
fef88b6fe54f12d42883cf756109f048

SHA-1:
8fc8a62f643c7cfbe680b2cde0205c6bd1977c7e

SHA-256:
af6c2b841ca5acee81b472a75a11a0ab2c4d5503d9920fa0f240d62c870649a3

Scanner detections:
5 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/26/2024 8:46:11 AM UTC

Scan engine
Detection
Engine version

Avira AntiVirus
PUA/InstallCore.IB
3.6.1.96

avast!
Malware-gen
2014.9-150407

ESET NOD32
Win32/InstallCore.YL potentially unwanted application
9.7.0.302.0

Reason Heuristics
Threat.installCore.Installer
15.4.14.13

File size:
786.3 KB (805,144 bytes)

Product version:
4.4

Copyright:
Web

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/26/2015 7:00:00 PM

Valid to:
3/26/2016 6:59:59 PM

Subject:
CN=OOO ADVERT-M, O=OOO ADVERT-M, STREET="ul. Vodnikov, d. 11 str. 2 of. 8", L=Moscow, S=Moscow, PostalCode=125362, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D456A38D6E59EDD13FA4143D8336198C

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:Ndmo+10YSlw93V2xCXoHk4nIsurKjbZWhc/viwLdP:NUo+1lS69l4Ock4nIsVjvP

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.6604

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)
