setup.exe

File Setup LLC

This is the Softpulse installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by File Setup has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been observed being downloaded from ttb.1btvoy0pn.com.
Publisher:
File Setup LLC  (signed and verified)

MD5:
041f9dc80fa9d3642addd549a4769c4c

SHA-1:
b8c7a73c5e0ef387b3727b65a7df2ad65dd6d827

SHA-256:
e85d7fb5b9726e669254029793072788f2e1660c1caff5e10c0778b423d7074e

Scanner detections:
13 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/24/2024 12:06:09 AM UTC  (today)

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.Agent | 7.1.1
AhnLab V3 Security | PUP/Win32.SoftPulse | 2015.04.22
Avira AntiVirus | PUA/Softpulse.Gen | 3.6.1.96
avast! | Win32:SoftPulse-GK [PUP] | 2014.9-150622
AVG | Generic | 2016.0.3169
Bkav FE | W32.HfsAdware | 1.3.0.6379
Dr.Web | Trojan.Domaiq.175 | 9.0.1.0173
ESET NOD32 | Win32/SoftPulse.AC potentially unwanted application | 9.7.0.302.0
NANO AntiVirus | Trojan.Win32.Domaiq.dpqzmd | 0.30.20.1219
Panda Antivirus | Trj/Genetic.gen | 15.03.16.09
Reason Heuristics | PUP.Bundler.Softpulse | 15.3.16.9
VIPRE Antivirus | Threat.4150696 | 39354

File size:
606.7 KB (621,216 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
12/17/2014 2:00:00 AM

Valid to:
12/18/2015 1:59:59 AM

Subject:
CN=File Setup LLC, O=File Setup LLC, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
425AE115F148D1124BA864570081A9B7

File PE Metadata
Compilation timestamp:
3/14/2015 1:13:59 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:eVGpNI11FTfkpqkIKmtNDl/QalfelrRu9wEhrUfg/WPZ39oRB:eVGpG5DIsKm7D6alyRuKWUfg/6p9a

Entry address:
0x1000

Entry point:
B8, 24, 19, 5D, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, C5, 50, 8D, 45, F4, 64, A3, 00, 6A, 14, E8, B5, 07, EA, FB, 83, C4, 04, 89, 45, EC, C7, 45, FC, 00, D9, 61, 16, F0, 83, 7D, EC, 00, 74, 1A, 00, E9, 62, 39, 40, E8, 50, 6A, 08, 8B, 4D, 02, 72, B1, 59, EC, 05, 0B, E4, EB, 07, 74, 32, 17, D9, E4, 81, E5, BC, C0, E4, 89, 4D, F0, FF, C3, B4, 3C, 0B, 8B, 45, F0, 89, 0D, 1D, FE, 27, C0, 00, 59, 8B, E5, 5D, C3, CC, 7B, 25, 7F...
 

Entropy:
7.8831

Packer / compiler:
PECompact v2

Code size:
1.2 MB (1,253,888 bytes)

The file setup.exe has been seen being distributed by the following URL.
