Setup.exe

Adobe Flash Player

Installer Setup

This is part of the Air Installer, a download manager which bundles applications with offers for additional 3rd-party software, mostly unwanted adware, and may be installed with minimal consent. The file Setup.exe by Installer Setup has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the AirInstaller Download Manager installer. According to AVG, this software downloads additional adware offers during setup. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser.

Publisher:
Installer Setup  (signed and verified)

Product:
Adobe Flash Player

Version:
3.0.0.86

MD5:
738615cadd1445b59fdf1481235c08df

SHA-1:
fe7615437e4411e20bb19e0fb84d309dcf688a6d

SHA-256:
f348b7fb43d46649c4a152ae3a0c6305c6a3c94188ee326b58413026a66297c0

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/25/2024 4:03:39 AM UTC  (today)

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.InstallCore | 2015.04.15
avast! | PUP-gen [PUP] | 150319-1
AVG | Potentially harmful program Downloader.EQH | 2014.0.4311
Bkav FE | W32.HfsAdware | 1.3.0.6379
Dr.Web | Trojan.Vittalia.30 | 9.0.1.05190
ESET NOD32 | Win32/DownloadAssistant.A potentially unwanted (variant) | 9.11474
IKARUS anti.virus | PUA.DownloadAssistant | t3scan.1.8.9.0
NANO AntiVirus | Trojan.Win32.DownloadHelper.dpgylc | 0.30.16.1110
Reason Heuristics | Threat.Air Software.Bundler | 15.4.14.18
Trend Micro House Call | TROJ_GEN.R0E9H05CP15 | 7.2.104
Vba32 AntiVirus | Downloader.DownloadHelper | 3.12.26.3

File size:
962.7 KB (985,840 bytes)

Product version:
3.0.0.86

Copyright:
(c) Installer Setup

Bundler/Installer:
AirInstaller Download Manager

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
2/10/2015 12:00:00 AM

Valid to:
2/10/2016 11:59:59 PM

Subject:
CN=Installer Setup, O=Installer Setup, L=Vancouver, S=British Columbia, C=CA

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
07A1307B10CFA227F3AF56F353208204

File PE Metadata
Compilation timestamp:
1/30/2013 2:21:56 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:nxG92NUMxv1OPXiaUCbLlmpZuBd6jFadndAJ:Qkxv1O/MCb5mpZgC6AJ

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 

Entropy:
6.9394

Developed / compiled with:
Microsoft Visual C++

Code size:
65.5 KB (67,038 bytes)

The file Setup.exe has been seen being distributed by the following URL.
