setup.exe

Downtown Media

The application setup.exe by Downtown Media has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from intva17.compilecyberspace.info.
Publisher:
Downtown Media  (signed and verified)

Product:
Downtown Media

Version:
25.9.6.4853

MD5:
6d61de2f5a80d042cfd3a5d7e0693d15

SHA-1:
b6a91523c3779a2ce9478f5c390fbd8c7db4e299

SHA-256:
c664c79cd903b3f5347a436f00b1468f4197cb1be07485881b715874831911dc

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
11/24/2024 5:49:53 AM UTC

Scan engine | Detection | Engine version
Dr.Web | Trojan.Vittalia.8828 | 9.0.1.05190
ESET NOD32 | Win32/DownloadAdmin.Q potentially unwanted application | 8.0.319.0
Kaspersky | not-a-virus:Downloader.Win32.DownloAdmin | 15.0.0.562

File size:
893 KB (914,456 bytes)

Product version:
25.9.6.4853

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
3/8/2016 11:14:39 PM

Valid to:
3/8/2017 11:14:39 PM

Subject:
CN=Downtown Media, O=Downtown Media, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00C86FE599444C83FF

File PE Metadata
Compilation timestamp:
4/2/2015 8:32:29 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:Bz+sgpx7N9d7s7quobFUm3Iw1cFTJBCwIGRIFCF7T:halN9dAuuFm3cFTJBCw/GgVT

Entry address:
0x221A

Entry point:
E8, 01, C1, 00, 00, E9, 0B, BA, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 54, 56, 48, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, DC, 55, 48, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, FC, 55, 48, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 4C, 56, 48, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 18, 5B, 48, 00, 89, 0D, 14, 5B, 48, 00, 89, 15, 10, 5B, 48, 00, 89, 1D, 0C, 5B, 48, 00, 89, 35, 08, 5B, 48, 00, 89, 3D, 04, 5B, 48, 00, 66, 8C, 15, 30, 5B, 48...
 

Code size:
56.5 KB (57,856 bytes)

The file setup.exe has been seen being distributed by the following URL.
