setup.exe

Bubble Games

The application setup.exe by Bubble Games has been detected as a potentially unwanted program by 17 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from files4.downloadnet1194.com.
Publisher:
Bubble Games  (signed and verified)

Product:
Bubble Games

Version:
87.0.0.3623

MD5:
3883d1981ce9cf82b3674dca6105e692

SHA-1:
b53f24919c22d983cbb8b1a7118a7a5c06f1c38e

SHA-256:
bd79e3775ac3945fd0e428edd2d6d5e71ec139c7eecd0720f3835ff71e229b6a

Scanner detections:
17 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Analysis date:
12/28/2024 1:37:23 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.DownloadAdmin.4
383

Avira AntiVirus
TR/ATRAPS.Gen2
7.11.30.172

avast!
Win32:Malware-gen
2014.9-160117

Bitdefender
Gen:Variant.Application.Bundler.DownloadAdmin.4
1.0.20.85

Dr.Web
Trojan.Vittalia.1351
9.0.1.017

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.DownloadAdmin
8.16.01.17.02

ESET NOD32
Win32/DownloadAdmin.P potentially unwanted application
10.7.0.302.0

F-Secure
Riskware.Gen:Variant.Application.Bundler
11.2016-17-01_1

G Data
Gen:Variant.Application.Bundler.DownloadAdmin
16.1.25

IKARUS anti.virus
PUA.DownloadAdmin
t3scan.1.9.5.0

K7 AntiVirus
Adware
13.212.18111

MicroWorld eScan
Gen:Variant.Application.Bundler.DownloadAdmin.4
17.0.0.51

Norman
Gen:Variant.Application.Bundler.DownloadAdmin.4
11.20160117

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1077

Reason Heuristics
PUP.TomorrowSoftware.BubbleGames.Installer (M)
16.1.17.14

Rising Antivirus
PE:Adware.DownloadAdmin!1.A243 [F]
23.00.65.16115

VIPRE Antivirus
Trojan.Win32.Generic
45856

File size:
871.1 KB (891,968 bytes)

Product version:
87.0.0.3623

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\setup.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
11/11/2015 5:32:38 PM

Valid to:
10/13/2016 8:17:38 PM

Subject:
CN=Bubble Games, O=Bubble Games, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00C1013F706A3DE6C3

File PE Metadata
Compilation timestamp:
11/26/2014 1:59:55 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:cRLnC6J7zCjr7vdd3VnOQZki5Ufsy2QnaSE:AALvdhlOGkqUte

Entry address:
0x1137

Entry point:
E8, 54, CB, 00, 00, E9, 52, C4, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 81, EC, 18, 02, 00, 00, 53, 8B, 9C, 24, 20, 02, 00, 00, 55, 56, 57, 8D, 44, 24, 10, 50, 33, FF, 57, 6A, 01, 53, 89, 7C, 24, 20, E8, 9B, 53, 00, 00, 8B, 4C, 24, 20, 8B, F0, 83, C4, 10, 8D, 2C, 0E, 85, F6, 75, 1D, 53, E8, B5, 55, 00, 00, 53, E8, AF, 55, 00, 00, 83, C4, 08, 8D, 47, 02, 5F, 5E, 5D, 5B, 81, C4, 18, 02, 00, 00, C3, 6A, 02, 53, E8, 26, 53, 00, 00, 8D, 54, 24, 24, 52, 53, E8, 7B, 54, 00, 00, 83, C4...
 
[+]

Code size:
53.5 KB (54,784 bytes)

The file setup.exe has been seen being distributed by the following URL.

Remove setup.exe - Powered by Reason Core Security