setup.exe

Rollnon

This is the Verti bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by Rollnon has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the Verti Setup installer. The file has been seen being downloaded from aff.dimds.com and multiple other hosts.
Publisher:
Rollnon  (signed and verified)

Version:
1.0.0.2

MD5:
20f3c5cb19c0f477ec2c088288be51cb

SHA-1:
d09bb773d909e8f938859977d2a7f507eb8121f4

SHA-256:
b5016eb4a5b2d06b93be1615778196591e67f361ce21a7ff9d7405fae2554d0a

Scanner detections:
11 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/24/2024 12:56:15 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Verti (variant)
8.10084

G Data
Win32.Application.Nextup
14.7.24

IKARUS anti.virus
PUA.Nextup
t3scan.1.6.1.0

K7 AntiVirus
Trojan
13.180.12701

Malwarebytes
PUP.Optional.NextUp
v2014.07.21.02

McAfee
Artemis!C96BD5645D12
5600.7062

Reason Heuristics
PUP.Installer.Rollnon.I
14.6.19.23

Sophos
NextUp
4.98

Trend Micro House Call
Suspicious_GEN.F47V0708
7.2.202

Vba32 AntiVirus
AdWare.Agent
3.12.26.3

VIPRE Antivirus
Rocketfuel Installer
31184

File size:
688.5 KB (705,032 bytes)

Product version:
1.0.0.2

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Verti Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/26/2014 7:00:00 PM

Valid to:
5/27/2015 6:59:59 PM

Subject:
CN=Rollnon, O=Rollnon, STREET=3600 136th Pl SE, L=Bellevue, S=WA, PostalCode=98006, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6C8BE128901FD5CAC240ACBD1CC43ABC

File PE Metadata
Compilation timestamp:
6/6/2014 1:10:03 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:LRXmOU+Dwz3q4d6pvICQA52dSp7AzjjyZZc+KsH/C/ZrdxnqxWos:TU+b06pvNQAuuVA+9qddZqxWj

Entry address:
0x22565

Entry point:
E8, A6, A5, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, E8, EC, 47, 00, E8, 65, 2C, 00, 00, 6A, 0E, E8, E6, 9E, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 54, 7F, 48, 00, BA, 50, 7F, 48, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, AF, B4, FF, FF, 59, FF, 76, 04, E8, A6, B4, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 54, 2C, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, B2, 9D, 00, 00, 59, C3, CC, 8B, 54, 24, 04, 8B...
 
[+]

Entropy:
6.4753

Code size:
398.5 KB (408,064 bytes)

The file setup.exe has been seen being distributed by the following 12 URLs.

http://aff.dimds.com/tool/.../download.php?l=01&w=1000&wti=555&src=1074&typ=TOKEN

http://s.premium-apps.net/stub/.../setup.exe

http://install.oinstaller6.com/o/.../Setup.exe

Remove setup.exe - Powered by Reason Core Security