setup.exe

Fileadventure

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application setup.exe, “Swift Installer ” by Fileadventure has been detected as adware by 40 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. The file has been seen being downloaded from gihcn892.pn-installer9.com and multiple other hosts.
Publisher:
Swift Installer   (signed by Fileadventure)

Product:
Swift Installer

Description:
Swift Installer

Version:
2.4.8.1

MD5:
5c4b266d4120fa43c58fb5c7f53b7cf8

SHA-1:
ae078d81dcb8523d26d0e643a359d2f72c29d820

SHA-256:
79f5e1f1779494908a2c452ada7015e2650278cb1247934e8f2df1c496da1616

Scanner detections:
40 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/25/2024 1:03:39 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.166854
6209727

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
2014.08.14

Avira AntiVirus
Adware/iBryte.zline
7.11.189.196

avast!
Win32:Adware-gen [Adw]
2014.9-141221

AVG
Found Win32/DH{gRKBEyAlflCBB3lUTxVRgQkcU04}
2015.0.3254

Baidu Antivirus
Trojan.Win32.Clikug
4.0.3.141221

Bitdefender
Gen:Variant.Adware.Graftor.161766
1.0.20.1775

Clam AntiVirus
Win.Trojan.Agent-763594
0.98/21511

Comodo Security
Application.Win32.Ibryte.NW
20277

Dr.Web
Trojan.DownLoader11.51174
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.166854
9.0.0.4668

ESET NOD32
Win32/Adware.iBryte.BS application
7.0.302.0

Fortinet FortiGate
W32/Malware_fam.NB
12/21/2014

F-Prot
W32/A-a1a6e5b1
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Graftor.166854
5.13.68

G Data
Win32.Adware.IBryte
14.12.24

IKARUS anti.virus
Trojan-Clicker.BFNI
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.186.14225

Kaspersky
not-a-virus:AdWare.Win32.iBryte
15.0.0.543

Malwarebytes
PUP.Optional.Ibryte
v2014.12.21.05

McAfee
Program.IBryte-FSW
16.8.708.2

Microsoft Security Essentials
TrojanClicker:Win32/Clikug.A
1.10401

MicroWorld eScan
Gen:Variant.Kazy.439479
15.0.0.1065

NANO AntiVirus
Trojan.Win32.Badur.dhhunu
0.28.6.62995

Norman
Gen:Variant.Adware.Graftor.166854
04.12.2014 14:30:06

nProtect
Trojan.GenericKD.1618449
14.04.10.01

Panda Antivirus
Trj/Genetic.gen
14.12.21.05

Qihoo 360 Security
Win32/Trojan.Dropper.c9f
1.0.0.1015

Quick Heal
TrojanDownloader.Badur.A5
12.14.14.00

Reason Heuristics
PUP.Installer.Fileadventure.F
14.12.21.5

Rising Antivirus
PE:Malware.iBryte!6.192B
23.00.65.141219

Sophos
Mal/Inject-CEE
4.98

SUPERAntiSpyware
PUP.OptimumInstaller/Variant
10165

Total Defense
Win32/Tnega.WHYEFHC
37.0.11219

Trend Micro House Call
TROJ_CLIKUG.A
7.2.355

Trend Micro
TROJ_CLIKUG.A
10.465.21

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

VIPRE Antivirus
Threat.4798837
35224

Zillya! Antivirus
Adware.iBryte.Win32.854
2.0.0.1790

File size:
350.9 KB (359,288 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) 2013 Swift Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/14/2014 2:00:00 AM

Valid to:
7/15/2015 1:59:59 AM

Subject:
CN=Fileadventure, O=Fileadventure, STREET=4600 Madison Ave FL 10, L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2EF279A57EB2CCFE0FCD97FC0F239ADE

File PE Metadata
Compilation timestamp:
12/4/2014 8:00:16 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:lFmiWFhfUfMXf5ZGTt2KsXzlsevnxYjSSrzhPsDNnq2S:Xmi8MEXRZesZsevejHhPsDtPS

Entry address:
0x20391

Entry point:
E8, AD, AE, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, E4, 73, 44, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 60, 70, 44, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63...
 
[+]

Code size:
276.5 KB (283,136 bytes)

The file setup.exe has been seen being distributed by the following 6 URLs.

Remove setup.exe - Powered by Reason Core Security