setup.exe

InstallationSafe

The application setup.exe by InstallationSafe has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from safeversion-install.com.
Publisher:
InstallationSafe  (signed and verified)

MD5:
969467d4e2863820227bc6193bb4d9d2

SHA-1:
f1f57dacb9e16fdf8b6232c228a75a2962b803ab

SHA-256:
05d2249f190f0b32ce40227f415bd5c9a9a235e2b55e8f54252024881e70a6ad

Scanner detections:
15 / 68

Status:
Adware

Analysis date:
11/25/2024 10:15:44 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | ADWARE/Adware.Gen2 | 8.3.1.6 |
| avast! | Adware-gen [Adw] | 150525-2 |
| AVG | AdGazelle | 2016.0.3095 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Adware.Downware.10558, Adware.Downware.9463 | 9.0.1.05190 |
| ESET NOD32 | Win32/AdGazelle.A potentially unwanted application | 7.0.302.0 |
| F-Secure | Gen:Variant.Application.Bundler | 11.2015-28-05_5 |
| G Data | Win32.Application.AdGazelle | 15.5.25 |
| K7 AntiVirus | Unwanted-Program | 13.204.16056 |
| Malwarebytes | PUP.Optional.InstallationSafe.C | v2015.05.28.01 |
| NANO AntiVirus | Riskware.Win32.AdGazelle.debrcs | 0.30.24.1636 |
| Reason Heuristics | PUP.Installer.InstallationSafe | 15.5.28.13 |
| Rising Antivirus | PE:Trojan.Win32.Generic.171A792B!387610923 | 23.00.65.15526 |
| VIPRE Antivirus | Threat.5063253 | 40552 |

File size:
684.7 KB (701,128 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/23/2014 9:00:00 AM

Valid to:
4/24/2015 8:59:59 AM

Subject:
CN=InstallationSafe, O=InstallationSafe, STREET=11835 Carmel Mountain Road, STREET="Suite #1304-371", L=San Diego, S=CA, PostalCode=92128, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0087DFEA59F6399D527598C5CC38227EC9

File PE Metadata
Compilation timestamp:
2/25/2012 4:20:09 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:vqtysSz+Tp3Gd80VaKP3Hm5WLgbrr3mSOBfCT//b1T9EwZPGRFqjiqcgbLwLN:ScsSgp3Gd80gKP3GVbOS86zbTEgPLWxX

Entry address:
0x3A10

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, A1, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, A3, 40, 00, FF, 15, 84, 91, 40, 00, 68, 04, A3, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B4, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...
 

Entropy:
7.9569

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file setup.exe has been seen being distributed by the following URL.
