setup.exe

Media converter

Greatelsoft Trading Ltd

The application setup.exe, “Media converter Setup” by Greatelsoft Trading, has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. It will display context-specific advertisements in the browser and attempt to modify the browser's search provider. The file has been seen being downloaded from download.mpeg4tomp3converter.net.
Publisher:
Conversionads, Inc. (signed by Greatelsoft Trading Ltd)

Product:
Media converter

Description:
Media converter Setup

Version:
1.2.0.1

MD5:
3f9073b40274bb6aa4970bf79cfe403a

SHA-1:
a7ffde587b6c400c27683af5b96d39df2091a9d6

SHA-256:
0178036b8394098314880add3f17c64aea4864492d9fcdf483914637d07d9515

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/27/2024 8:21:48 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Generic.551733 | 605 |
| Agnitum Outpost | PUA.Toolbar.Babylon | 7.1.1 |
| Avira AntiVirus | Adware/AddLyrics.A.103 | 7.11.151.204 |
| AVG | Agent.F | 2016.0.3083 |
| Comodo Security | ApplicUnwnt | 18347 |
| Dr.Web | Trojan.Siggen5.10351 | 9.0.1.0160 |
| ESET NOD32 | Win32/Toolbar.Zugo | 9.9857 |
| Fortinet FortiGate | W32/OutBrowse.C | 6/9/2015 |
| IKARUS anti.virus | not-a-virus:WebToolbar.Win32.Toolbar | t3scan.1.6.1.0 |
| Kaspersky | not-a-virus:AdWare.Win32.Lyckriks | 14.0.0.1912 |
| McAfee | Artemis!3F9073B40274 | 5600.6739 |
| MicroWorld eScan | Adware.Generic.551733 | 16.0.0.480 |
| NANO AntiVirus | Trojan.Win32.AddLyrics.capggi | 0.28.0.59921 |
| Panda Antivirus | Trj/OCJ.D | 15.06.09.02 |
| Qihoo 360 Security | Win32/Trojan.fd6 | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.GreatelsoftTrading | 15.6.9.14 |
| Trend Micro House Call | ADW_ADDLYRICS | 7.2.160 |
| Trend Micro | ADW_ADDLYRICS | 10.465.09 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.0 |
| VIPRE Antivirus | Adware.Trojan.Win32.Generic | 29676 |

File size:
13.7 MB (14,417,896 bytes)

Product version:
1.2

Copyright:
Copyright © 2012-2013 Conversionads.

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\programs\setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/2/2013 5:30:00 AM

Valid to:
7/3/2014 5:29:59 AM

Subject:
CN=Greatelsoft Trading Ltd, O=Greatelsoft Trading Ltd, STREET="Kyriakou Matsi, 3, Roussos Limassol Tower, 6th floor, flat/office 6A, 3040", L=Limassol, S=Limassol, PostalCode=3040, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EFAAE98A631C872ADDE1E300FDF065A2

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:Jm3TeEf0ken7Q3kcTH0Eg7naCVvgTdQxrAk2mrlBvQgCECPStaEgb2QcgTTv+:J86lkWwPQM5kAk2mrlh1Z+MajNcQv+

Entry address:
0x9C18

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, AE, 94, FF, FF, E8, B5, A6, FF, FF, E8, 44, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, D4, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 9D, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 5A, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...
 

Entropy:
7.9998

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file setup.exe has been seen distributed from the following URL.

http://download.mpeg4tomp3converter.net/download.php
