Setup.exe

Setup

SAFE download gtl

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The file Setup.exe by SAFE download gtl has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser.
Publisher:
SAFE download gtl  (signed and verified)

Product:
Setup

Version:
1.9.3.0

MD5:
12d4af0ae83455c96a09e2af6d99813d

SHA-1:
c6c0418b508b529dbc6181ea4e228ca56d4e2ab3

SHA-256:
9ec63e7e3d3e8606ced57e8551fc46849e9b269cc7ef6bc736e882850843fcca

Scanner detections:
4 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/14/2024 6:11:04 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
PUA/Outbrowse.Gen
7.11.213.12

ESET NOD32
Win32/OutBrowse.BU potentially unwanted application
7.0.302.0

McAfee
Program.Adware-OutBrowse.e
16.8.708.2

Reason Heuristics
PUP.Bundler.Outbrowse
15.3.18.1

File size:
1.1 MB (1,150,888 bytes)

Product version:
1.9.3.0

Copyright:
Setup

Original file name:
Ionic.Zip-2015Feb28-112449-93432c5f-1749-4915-a641-45aa35e249b8.exe

Bundler/Installer:
OutBrowse Revenyou

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
2/26/2015 12:00:00 AM

Valid to:
1/27/2016 11:59:59 PM

Subject:
CN=SAFE download gtl, O=SAFE download gtl, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
2F97ABCC05BC3B564497EC9E69ECC926

File PE Metadata
Compilation timestamp:
2/28/2015 11:24:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:tbSaE4mvt/XP7GVCdVoQV8cW/Ja57oBNfqo:tbSv4mvtPqUDycXhCfx

Entry address:
0x75F3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.5769

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
464 KB (475,136 bytes)
