setup.exe

True Street

The application setup.exe by True Street has been detected as a potentially unwanted program by 33 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from www.enjoylargest.com.
Publisher:
Safeguarded Swift System Installer  (signed by True Street)

Product:
Safeguarded Swift System Installer

Version:
60.6.6.1765

MD5:
ea1083971a01df5166ea9fdec9c61c3c

SHA-1:
d00d8fb62e997e38e49d68db3b77e4049d3a7f0f

SHA-256:
9bf8c0d6bd0411e894a6677144bc065a7e3dbb352e857fb8838c5329c68b1b38

Scanner detections:
33 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
11/7/2024 1:43:00 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Mikey.26654 | 5763011 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.DownloadAdmin | 2015.12.17 |
| Avira AntiVirus | PUA/DownloadAdmin.774912 | 8.3.2.2 |
| Arcabit | Trojan.Mikey.D681E | 1.0.0.629 |
| avast! | Win32:PUP-gen [PUP] | 151212-2 |
| AVG | Downloader.Generic_r | 2016.0.2893 |
| Bitdefender | Gen:Variant.Mikey.26654 | 1.0.20.1755 |
| Bkav FE | W32.HfsAdware | 1.3.0.7383 |
| Comodo Security | Application.Win32.DownloadAdmin.NY | 23778 |
| Dr.Web | Trojan.Vittalia.419 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Mikey.26654 | 10.0.0.5366 |
| ESET NOD32 | Win32/DownloadAdmin.N potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/DownloAdmin.B.gen | v6.4.7.1.166 |
| F-Secure | Application.Bundler.DownloadAdmin | 11.2015-16-12_4 |
| G Data | Gen:Variant.Mikey.26654 | 15.12.25 |
| IKARUS anti.virus | PUA.DownloadAdmin | t3scan.1.9.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.212.18130 |
| Kaspersky | not-a-virus:Downloader.Win32.DownloAdmin | 15.0.0.562 |
| Malwarebytes | PUP.Optional.DownLoadAdmin | v2015.12.16.08 |
| McAfee | Program.DownloadAdmin | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.207.757.0 |
| MicroWorld eScan | Gen:Variant.Mikey.26654 | 16.0.0.1053 |
| NANO AntiVirus | Trojan.Win32.DownloAdmin.dwzuvy | 1.0.10.5081 |
| Norman | Gen:Variant.Mikey.26654 | 12.12.2015 20:21:58 |
| Panda Antivirus | Generic Suspicious | 15.12.17.07 |
| Reason Heuristics | PUP.TomorrowSoftware.TrueStreet.Installer (M) | 15.12.16.8 |
| Rising Antivirus | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 23.00.65.151215 |
| Sophos | PUA 'Download Admin' | 5.22 |
| SUPERAntiSpyware | | 9442 |
| Vba32 AntiVirus | SScope.Downware.DownloadAdmin | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 43774 |
| Zillya! Antivirus | Downloader.DownloAdmin.Win32.1680 | 2.0.0.2566 |

File size:
756.7 KB (774,856 bytes)

Product version:
60.6.6.1765

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
9/8/2015 3:19:40 PM

Valid to:
9/6/2016 5:41:42 PM

Subject:
CN=True Street, O=True Street, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00E4671F29CACB6629

File PE Metadata
Compilation timestamp:
10/13/2014 12:30:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:dL7we7DjtyOSAvAssUizeJbym7v+dr2lXPOaK5Ozvx1kgjBzK2m:Oe7DjtyOSQAsjizebbS6l/O+zvxHjLm

Entry address:
0x1EFBE0

Entry point:
60, BE, 00, 60, 53, 00, 8D, BE, 00, B0, EC, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Entropy:
7.9232

Packer / compiler:
UPX 2.90LZMA

Code size:
744 KB (761,856 bytes)

The file setup.exe has been seen being distributed by the following URL.
