Setup.exe

File Setup LLC

This is the Softpulse installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The file Setup.exe by File Setup has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser.
Publisher:
File Setup LLC  (signed and verified)

MD5:
5a8ad5910c6f9368850180e3d7fafedb

SHA-1:
9b0a2c1dd622168aa531322e376ae0fa9c54b931

SHA-256:
2df0316d5cd42b4090bad91fb59f71470361aceef813b8e04d2d671a87c3408f

Scanner detections:
13 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/24/2024 12:53:06 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.SoftPulse | 2015.04.22 |
| Avira AntiVirus | PUA/Softpulse.Gen | 3.6.1.96 |
| avast! | Win32:SoftPulse-GK [PUP] | 2014.9-150422 |
| AVG | Generic | 2016.0.3131 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Trojan.Domaiq.175 | 9.0.1.0112 |
| ESET NOD32 | Win32/SoftPulse.AC potentially unwanted application | 9.7.0.302.0 |
| herdProtect (fuzzy) | | 2015.7.23.15 |
| NANO AntiVirus | Trojan.Win32.Domaiq.dpqzmd | 0.30.20.1219 |
| Panda Antivirus | Trj/Genetic.gen | 15.04.22.12 |
| Reason Heuristics | Threat.Softpulse.Bundler | 15.4.22.8 |
| VIPRE Antivirus | Threat.4150696 | 39354 |

File size:
606.7 KB (621,216 bytes)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
12/16/2014 7:00:00 PM

Valid to:
12/17/2015 6:59:59 PM

Subject:
CN=File Setup LLC, O=File Setup LLC, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
425AE115F148D1124BA864570081A9B7

File PE Metadata
Compilation timestamp:
3/13/2015 7:13:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:eVGpNI16eTfkpqkIKmtNDl/QalfelrRu9wEhrUfg/WPZ39oRp:eVGpGvDIsKm7D6alyRuKWUfg/6p9G

Entry address:
0x1000

Entry point:
B8, 24, 19, 5D, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, C5, 50, 8D, 45, F4, 64, A3, 00, 6A, 14, E8, B5, 07, EA, FB, 83, C4, 04, 89, 45, EC, C7, 45, FC, 00, D9, 61, 16, F0, 83, 7D, EC, 00, 74, 1A, 00, E9, 62, 39, 40, E8, 50, 6A, 08, 8B, 4D, 02, 72, B1, 59, EC, 05, 0B, E4, EB, 07, 74, 32, 17, D9, E4, 81, E5, BC, C0, E4, 89, 4D, F0, FF, C3, B4, 3C, 0B, 8B, 45, F0, 89, 0D, 1D, FE, 27, C0, 00, 59, 8B, E5, 5D, C3, CC, 7B, 25, 7F...
 

Entropy:
7.8825

Packer / compiler:
PECompact v2

Code size:
1.2 MB (1,253,888 bytes)
