» setup.exe
Overview
Analysis
File Details

setup.exe

Wizard

Yumon System SL

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by Yumon System SL has been detected as adware by 33 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.

File name:

setup.exe

Publisher:

Yumon System SL (signed and verified)

Product:

Wizard

Version:

1. 9. 8. 7

MD5:

1220d86384d2088854cb3fb6b8990584

SHA-1:

db6e3fe5fc33b97258974fc4ce40e8291dbc7c05

SHA-256:

f91dd4d34a0f91380b4865c986cbb6c9d9e204e4f68028bbe3e547b506614e4a

Scanner detections:

33 / 68

Status:

Adware

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

11/7/2024 6:27:56 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Bundler.SoftPulse.5

5762964

Agnitum Outpost

PUA.SoftPulse

7.1.1

AhnLab V3 Security

PUP/Win32.SoftPulse

2015.06.17

Avira AntiVirus

PUA/SoftPulse.oans

8.3.1.6

Arcabit

Trojan.Application.Bundler.SoftPulse.5

1.0.0.425

avast!

Win32:SoftPulse-BE [PUP]

150602-1

AVG

Win32/DH{gRIxfX5QgQd5VE8VUYEVgQkcU4ETQYEP}

2016.0.3076

Bitdefender

Gen:Variant.Application.Bundler.SoftPulse.5

1.0.20.835

Bkav FE

W32.HfsAdware

1.3.0.6379

Clam AntiVirus

Win.Adware.MultiPlug-31138

0.98/20570

Comodo Security

Application.Win32.SoftPulse.D

22467

Dr.Web

Adware.SoftPules.3, Trojan.Domaiq.24

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Application.Bundler.SoftPulse

10.0.0.5366

ESET NOD32

Win32/SoftPulse.S potentially unwanted application

7.0.302.0

F-Prot

W32/S-f85cfebf

v6.4.7.1.166

F-Secure

Riskware.Gen:Variant.Application.Bundler

5.14.151

G Data

Gen:Variant.Application.Bundler.SoftPulse

15.6.25

K7 AntiVirus

Trojan

13.205.16253

Kaspersky

Trojan.Win32.Inject

15.0.0.543

Malwarebytes

PUP.Optional.DomaIQ

v2015.06.16.05

McAfee

Program.SoftPulse

17.6.569.0

MicroWorld eScan

Gen:Variant.Application.Bundler.SoftPulse.5

16.0.0.501

NANO AntiVirus

Trojan.Win32.SoftPules.djsxni

0.30.24.2086

Norman

Gen:Variant.Application.Bundler.SoftPulse.5

02.06.2015 14:23:46

Panda Antivirus

Trj/Genetic.gen

15.06.16.05

Quick Heal

TrojanDwnldr.DriverUpd.A5

6.15.14.00

Reason Heuristics

PUP.Installer.YumonSystem

15.6.16.13

Rising Antivirus

PE:Malware.DriverUpd!6.1C5A

23.00.65.15614

Sophos

PUA 'SoftPulse' (of type Adware)

5.15

SUPERAntiSpyware

Adware.SoftPluse/Variant

9810

Vba32 AntiVirus

Trojan.Inject

3.12.26.4

VIPRE Antivirus

Threat.4150696

40830

Zillya! Antivirus

Adware.SoftPulse.Win32.25

2.0.0.2227

File size:

1.1 MB (1,129,408 bytes)

Product version:

1. 9. 8. 7

Original file name:

Wizard.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Softpulse SoftwareBundler

Language:

Spanish (Spain, International Sort)

Common path:

C:\users\{user}\downloads\setup.exe

Digital Signature

Signed by:

Yumon System SL

Authority:

VeriSign, Inc.

Valid from:

10/10/2014 2:00:00 AM

Valid to:

10/11/2015 1:59:59 AM

Subject:

CN=Yumon System SL, O=Yumon System SL, L=Barcelona, S=Barcelona, C=ES

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

3AA6674633422C69E81B62EE2A7C074B

File PE Metadata

Compilation timestamp:

12/5/2014 1:09:53 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:4cHxMyocT1N8RyqWaCoyW//dURpweXTQT1q:4cRMyj8RyqWDWXiw2Qg

Entry address:

0xCA76

Entry point:

B8, 0C, A3, 58, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 64, 67, 35, 6E, 75, 6C, 38, 32, 65, 34, 00, B2, CD, DD, D2, 1D, 85, A7, 4A, 50, 97, 6B, F5, F6, A9, F6, F1, 9C, 91, D7, 08, 16, 9D, E3, 3B, CF, CE, 56, F5, 53, 4B, 36, B3, 52, 41, 8D, 35, 77, EC, 1F, 24, 1E, 06, 7D, 24, D6, 8A, D7, 7E, D6, 96, 88, 8F, 33, EB, A4, 1D, 78, BD, 7D, 6D, E4, D1, 2C, 8C, CF, B5, CF, 90, 61, 51, 27, F2, 02, CC, AE, 2C, 58, 23, F7, 83, F1, 0F, BE, 97, 14, B7, BE, 40, 25, 83, 1B, 18, 56... 
[+]

Code size:

144.5 KB (147,968 bytes)

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.