setup.exe

File Downloader

Software Assistant

The application setup.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from lot.online-softs.com.
Publisher:
Software Assistant

Product:
File Downloader

Version:
3.0.0.157

MD5:
1fb0202988b6db86561888479851b20d

SHA-1:
988087fd61025dc4a66116a574159f0c19e88b0f

SHA-256:
e909afeefc874e1823bb7fcd1c75d5afccbb3156e2be1bb7737986e6cca9779f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
11/24/2024 1:35:10 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Vittalia.Bundler (M)

Engine version:
16.8.10.0

File size:
1.2 MB (1,205,960 bytes)

Product version:
3.0.0.157

Copyright:
(c) Software Assistant

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\setup.exe

File PE Metadata
Compilation timestamp:
1/30/2013 3:21:56 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:jxGip4a7e57q0DojCZnrdDDsdf0x750igsEdFX6ZVob/EJak4F:84MRomrdDD/uitZY/EJakC

Entry address:
0x113BC

Entry point:
77, 04, 8B, F6, FE, CC, 69, F1, 45, 6A, AF, 60, 0A, EC, 89, DD, 69, D7, 0C, 49, FA, 57, 1B, FE, F6, C3, 8B, F2, 3D, 79, E0, 00, 00, 14, 73, 49, BF, 0F, C5, EF, 4C, 8D, 2D, 43, 27, 09, 1F, C6, C1, EE, 84, D8, 69, F6, 72, A5, 27, 1A, F6, C0, 73, E8, 11, 00, 00, 00, 89, D3, F6, C0, A4, 85, ED, 73, 02, 84, F3, 81, F9, 80, 6A, 00, 00, 5E, 72, 03, 18, F0, F3, 8B, DA, 0F, B6, C0, F7, C3, FC, 23, 2D, 55, 0F, BF, CB, C7, C3, 41, DF, 0C, 9F, FE, C0, 85, E9, 22, E7, 8B, FA, 4B, 80, F4, A2, 81, FB, E1, E5, 00, 00, 77...
 
Entropy:
7.0545

Code size:
65.5 KB (67,072 bytes)

The file setup.exe has been seen being distributed by the following URL.
