» setup.exe
Overview
Analysis
File Details
Downloads (1)

setup.exe

Setup Downloader

VerifiedInstallation

The application setup.exe by VerifiedInstallation has been detected as adware by 23 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. During install, it bundles potentially unwanted software on a user's computer at the same time without adequate consent. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from safedownloadsrus129.com.

File name:

setup.exe

Publisher:

VerifiedInstallation (signed and verified)

Product:

Setup Downloader

Version:

0.1.0.1

MD5:

e419415edd664c75a8a2647918491bed

SHA-1:

b43528e2d11d7775a3475842b398e6e690338608

SHA-256:

9cbd57af3389d4e2210a3453f5b67f8151ada3ee84d8b47549b1fd2378d016a5

Scanner detections:

23 / 68

Status:

Adware

Explanation:

May bundle additional potentially unwanted software such as adware during setup.

Analysis date:

12/28/2024 4:36:25 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Strictor.86912

367

Agnitum Outpost

Riskware.Agent

7.1.1

AhnLab V3 Security

PUP/Win32.Generic

2015.04.17

Avira AntiVirus

TR/Starter.Y

7.11.30.172

avast!

Win32:GenMaliciousA-SFL [Adw]

2014.9-160202

AVG

AdGazelle

2017.0.2845

Bitdefender

Gen:Variant.Adware.Strictor.86912

1.0.20.165

Bkav FE

W32.HfsAdware

1.3.0.6379

Dr.Web

Adware.Downware.11074

9.0.1.033

Emsisoft Anti-Malware

Gen:Variant.Adware.Strictor.86912

8.16.02.02.07

ESET NOD32

Win32/AdGazelle.F potentially unwanted application

10.7.0.302.0

F-Prot

W32/S-a6699dba

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.Strictor

11.2016-02-02_3

G Data

Gen:Variant.Adware.Strictor.86912

16.2.25

IKARUS anti.virus

PUA.AdGazelle

t3scan.1.8.9.0

K7 AntiVirus

Adware

13.203.15668

Malwarebytes

PUP.Optional.BundleInstaller.A

v2016.02.02.07

MicroWorld eScan

Gen:Variant.Adware.Strictor.86912

17.0.0.99

NANO AntiVirus

Riskware.Win32.Downware.dqyhzo

0.30.20.1219

Norman

Gen:Variant.Adware.Strictor.86912

11.20160202

Reason Heuristics

PUP.AdGazelle.VerifiedInstallation.Installer (M)

16.2.2.19

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.3

VIPRE Antivirus

Threat.4657539

38552

File size:

225.1 KB (230,480 bytes)

Product version:

0.1.0.1

Original file name:

downloader.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\setup.exe

Digital Signature

Signed by:

VerifiedInstallation

Authority:

GoDaddy.com, Inc.

Valid from:

3/3/2015 5:42:42 PM

Valid to:

3/3/2016 5:42:42 PM

Subject:

CN=VerifiedInstallation, O=VerifiedInstallation, L=Las Vegas, S=Nevada, C=US

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

00AD549677C65B0FD8

File PE Metadata

Compilation timestamp:

4/24/2015 9:51:53 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:sXBopGqexjPJQ04KPGssrFeILu+HKL4skaziKj67Ag0Fuc9diX2E:sXGfoja0ILrKLYaziKuAOUK/

Entry address:

0xFA10

Entry point:

E8, A4, 9B, 00, 00, E9, 89, FE, FF, FF, FF, 35, 24, 5A, 43, 00, FF, 15, 5C, 80, 42, 00, 85, C0, 74, 02, FF, D0, 6A, 19, E8, FB, 52, 00, 00, 6A, 01, 6A, 00, E8, 5F, 43, 00, 00, 83, C4, 0C, E9, 24, 43, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1... 
[+]

Code size:

152.5 KB (156,160 bytes)

The file setup.exe has been seen being distributed by the following URL.

http://safedownloadsrus129.com/.../xl?enc=YTkyZmNmOWEzMTNmNDM1ZmJiMWUwYjU0Yjk1YjBlOTgaG1VEWURfWQEIBFEEAVNeBFAFUlZbVwdTCFNUBwQOW1BcVF4FXhtNEUdURA4RAVIBBFBQVgEEAFMJAVIAXABcB11QUVIHWABQVAUADVEXSkALQUcKQAQMVRcBUx5UCgxPAAtET0RREkcTCURHUlMDBg1GC1wNVFARS0ARAVcAFgJWX1xbVhtNEVRLFhYJA1VXVARRCFIFBVsMDFACUQwJTRtWBAREAw9GXV9KFlhQH0BYEwdRUwVSW1pWVQhTCgxSAFNfUlUIVlVTA1ICBAcDWlUIRxxAWUQBGw9AAVcKGk0bURZBXBtBHGIRShZGRwpAWBMNRBZFDk0WVgZeS1taAl1cV00FVgwcd18HR1tqNg4DSABCPWZRFkxFTEoMSRpNG0EUAEQDQ1FTbAdXERlEBg9fRwpARlUEXFENRwtVVwBdQRQWFQhTCh9QCVkRGUQSC0RHCkAXGEBXWEAKRxsUQ1pfFkFcG0MfE14CWREPRBANX0ccQEFREFQXWBJHFRoAWkZEWUQKVgUIBFMWHxcKAA4TXxJAGRYBURdYEkcVGhFbEFxBVQhVAwEFVgMEBFdWUAhdCFQNBFQbGUBWCxsCQ0pXEhYWFwRLVBFKFlBYAhFAC0cSThdXARsPQHI3GxRDSl1EWQBYDUBUH0RXUEISQFgASRIQRRZYGwIGBgELWVELBlAFVQ1RBFJSBAQFBQUEVVJcAQcNUAcPFx8

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.