setup1.exe

White Sea Media

The application setup1.exe by White Sea Media has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.
Publisher:
White Sea Media  (signed and verified)

MD5:
a9e813129f0cafd01632b408967e2dcf

SHA-1:
ba98da5150ac64a819e829011e46287e2dc643fa

SHA-256:
d12b0c709058974f7cdb35cbd2553139dd1052c9017f79a11f549dd1d0425f55

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/27/2024 7:32:04 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WhiteSea.Installer (M)

Engine version:
16.5.26.14

File size:
83.2 KB (85,216 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\setup1.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/8/2013 2:00:00 AM

Valid to:
7/9/2014 1:59:59 AM

Subject:
CN=White Sea Media, O=White Sea Media, STREET=4142 Mariner Blvd, L=Spring Hill, S=FL, PostalCode=34609, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1FB235ACA7565BA27ADC702B2BD05C7F

File PE Metadata
Compilation timestamp:
1/10/2014 6:54:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:8Hm6YgfqOyJCCyPUaS/ilhdIHCkykWxq9ZnAhr:8EgSOyTaHPcCkkxq9uhr

Entry address:
0x348E

Entry point:
E8, 78, 51, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 68, C4, E8, 40, 00, FF, 15, 70, E0, 40, 00, 85, C0, 74, 15, 68, B4, E8, 40, 00, 50, FF, 15, 4C, E0, 40, 00, 85, C0, 74, 05, FF, 75, 08, FF, D0, 5D, C3, 8B, FF, 55, 8B, EC, FF, 75, 08, E8, C8, FF, FF, FF, 59, FF, 75, 08, FF, 15, 74, E0, 40, 00, CC, 6A, 08, E8, 3E, 53, 00, 00, 59, C3, 6A, 08, E8, 5C, 52, 00, 00, 59, C3, 8B, FF, 56, E8, 28, 27, 00, 00, 8B, F0, 56, E8, 3D, 05, 00, 00, 56, E8, 6E, 05, 00, 00, 56, E8, A8, 55, 00, 00, 56, E8, 93, 55, 00...
 

Code size:
49 KB (50,176 bytes)
