Setup.exe

Soft Program installer

OOO Next Point

The file Setup.exe, “Soft Program installer Setup” by OOO Next Point, has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the installCore download manager (the InstallCore engine), which may bundle additional offers for various ad-supported toolbars, browser extensions and utilities. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser.
Publisher:
Internet   (signed by OOO Next Point)

Product:
Soft Program installer

Description:
Soft Program installer Setup

MD5:
87f898bc2e187d97e50c9f14689af9c1

SHA-1:
9abaf5c1cd7ae66c2df1f0f5e340f3c0d67e2f26

SHA-256:
5e0109e1a8318a1bdad44b084f359979ba2acbc6a618975238f5d200fecbe384

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/26/2024 7:58:04 AM UTC

Scan engine | Detection | Engine version
avast! | Malware-gen | 2014.9-150409
Comodo Security | Application.Win32.InstallCore.DAH | 22280
Dr.Web | Trojan.InstallCore.534 | 9.0.1.0193
ESET NOD32 | Win32/InstallCore.ZC potentially unwanted application | 9.7.0.302.0
K7 AntiVirus | Adware | 13.204.16086
Malwarebytes | | v2015.07.12.02
VIPRE Antivirus | Threat.4150696 | 40552

File size:
804.5 KB (823,768 bytes)

Product version:
1.8.5

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/23/2015 8:00:00 PM

Valid to:
3/23/2016 7:59:59 PM

Subject:
CN=OOO Next Point, OU=OOO Next Point, O=OOO Next Point, STREET=Prospekt Leninskii 95, L=Moscow, S=Moscow, PostalCode=119313, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
347CF1F72926F17F233ABEB3001C4438

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:EsNY48Qvy5Y/4QiMSBFU5xXBvRx80biaOUEOri:EGY4Xv1gHMSBG5Xvb+t/Ori

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.8178

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)
