Setup.exe

App Program

Internet Application

The file Setup.exe, “App Program Setup”, has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser.
Publisher:
Internet Application

Product:
App Program

Description:
App Program Setup

MD5:
1297587cf8b504622085cecb2d47754c

SHA-1:
acc08f07fb0486c906133b536fab0e5ae470902c

SHA-256:
964111e8707ed3e9800b0efacdf010bd7dd7734b1420aad7c2964005b7d8ec06

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
1/14/2025 10:21:52 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Trojan.Badur | 7.1.1
Avira AntiVirus | PUA/InstallCore.A.11 | 8.3.1.6
avast! | Malware-gen | 150602-1
Comodo Security | Application.Win32.InstallCore.DQY | 22631
ESET NOD32 | Win32/InstallCore.YL potentially unwanted application | 7.0.302.0
G Data | Win32.Application.InstallCore.EG | 15.6.25
K7 AntiVirus | Adware | 13.205.16415
NANO AntiVirus | Riskware.Win32.InstallCore.dsmvpd | 0.30.24.2266
Qihoo 360 Security | Win32/Virus.24a | 1.0.0.1015
Vba32 AntiVirus | Malware-Cryptor.InstallCore.gen | 3.12.26.4
VIPRE Antivirus | Threat.4150696 | 40786

File size:
756.6 KB (774,708 bytes)

Product version:
5.6

Copyright:
Installer Web

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:ciLGeyVj4nrvFuTMOrGxUGTZmRqWiWJ3p45KydrbTGLFy3/bq2SFg6fm8ucgrkmF:ciLvqj0jFuTMD7mRqWVJ3SnTGLFubpSW

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.8857

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)
