setup.exe

SETUP DOT EXE

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application setup.exe, “Premium Installer ” by SETUP DOT EXE has been detected as adware by 38 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from 5162014.installic.com.
Publisher:
Premium Installer   (signed by SETUP DOT EXE)

Product:
Premium Installer

Description:
Premium Installer

Version:
2.4.8.1

MD5:
fdae627d5e8dcfc270e2b19ec7170b57

SHA-1:
f98af113156a6b147c619f231aa0ba74db93924d

SHA-256:
2ec29a0a41dec5575828f99538c5b777c7901e38a8f7c4510d09f06dad72fd7f

Scanner detections:
38 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/27/2024 10:47:54 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.Agent.B
401

Agnitum Outpost
PUA.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.OptimumInstaller
2014.05.22

Avira AntiVirus
ADWARE/Adware.Gen7
7.11.147.82

avast!
Win32:IBryte-CZ [PUP]
2014.9-151231

AVG
Adware AdPlugin
2016.0.2879

Baidu Antivirus
Adware.Win32.iBryte
4.0.3.151231

Bitdefender
Application.Bundler.Agent.B
1.0.20.1825

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.Ibryte-236
0.98/19305

Comodo Security
Application.Win32.iBryte.WRP
18248

Dr.Web
Trojan.Packed.26900
9.0.1.0365

Emsisoft Anti-Malware
Application.Bundler.Agent
8.15.12.31.09

ESET NOD32
Win32/AdWare.iBryte.AA application
9.7.0.302.0

Fortinet FortiGate
Riskware/Generic.AC.2238381
12/31/2015

F-Prot
W32/DomaIQ.G.gen
v6.4.7.1.166

F-Secure
Application.Bundler.Agent
11.2015-31-12_5

G Data
Win32.Adware.Ibryte
15.12.24

IKARUS anti.virus
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.177.12041

Kaspersky
not-a-virus:AdWare.Win32.iBryte
14.0.0.888

Malwarebytes
v2015.12.31.09

McAfee
GenericATG-FGI!AA091FF371C6
5600.6535

MicroWorld eScan
Application.Bundler.Agent.B
16.0.0.1095

NANO AntiVirus
Trojan.Win32.Badur.cxnsau
0.28.0.59826

Norman
Downloader
11.20151231

nProtect
Trojan-Clicker/W32.iBryte.250664
14.07.06.01

Panda Antivirus
Trj/Genetic.gen
15.12.31.09

Qihoo 360 Security
Malware.QVM10.Gen
1.0.0.1015

Quick Heal
Adware.iBryte.DK4
12.15.14.00

Reason Heuristics
PUP.Adknowledge.SETUPDOTEXE.Bundler (M)
15.12.31.9

Rising Antivirus
PE:Malware.iBryte!6.192B
23.00.65.151229

SUPERAntiSpyware
PUP.OptimumInstaller/Variant
9414

Total Defense
Win32/Tnega.XABfAXD
37.0.10836

Vba32 AntiVirus
3.12.26.0

VIPRE Antivirus
Trojan.Win32.Generic
28862

Zillya! Antivirus
Adware.iBryte.Win32.854
2.0.0.1790

File size:
214.8 KB (219,936 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) 2013 Premium Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/3/2013 8:00:00 PM

Valid to:
9/20/2014 7:59:59 PM

Subject:
CN=SETUP DOT EXE, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SETUP DOT EXE, L=Kansas City, S=Missouri, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
348784BF9B5AF7CB50276EA8463A9048

File PE Metadata
Compilation timestamp:
5/16/2014 1:00:17 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:DfGY97h8wWPXjmIYO7DU1q1VyUvTzgBJiRW1/BgywE5NEpw8G:b1APT9VvU6zJV+Epw8G

Entry address:
0xE6A7

Entry point:
E8, 30, 53, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 44, 72, 42, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 38, 70, 42, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63...
 
[+]

Entropy:
6.3768

Code size:
150.5 KB (154,112 bytes)

The file setup.exe has been seen being distributed by the following URL.

Remove setup.exe - Powered by Reason Core Security