setup_4.exe

Interesting Solutions

During installation, the software displays additional offers (such as adware), including a browser toolbar/extension and advertising injection software (part of the Injekt brand). The application setup_4.exe by Interesting Solutions has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been observed being downloaded from cdn.airdlr1.com.
Publisher:
Interesting Solutions  (signed and verified)

MD5:
25887ab5585c73edaf1a072de254eccf

SHA-1:
437e95cddca719e7bc05624fdb3b63afd63507eb

SHA-256:
8aeb230b2b7e18c01dedb8c7cfefeba278030e47c0ce7965f93891ecfcf7ce06

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser, and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
12/25/2024 12:36:27 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | ADWARE/Adware.Gen7 | 7.11.206.100 |
| AVG | Interesting | 2016.0.3203 |
| Baidu Antivirus | Adware.MSIL.PullUpdate | 4.0.3.1529 |
| Comodo Security | ApplicUnwnt | 20927 |
| ESET NOD32 | MSIL/Adware.PullUpdate (variant) | 9.11106 |
| Fortinet FortiGate | Adware/PullUpdate | 2/9/2015 |
| Malwarebytes | PUP.Optional.WebGuard.A | v2015.02.09.06 |
| McAfee | Artemis!25887AB5585C | 5600.6859 |
| Reason Heuristics | PUP.Installer.Injekt | 15.2.9.18 |
| Sophos | Generic PUA DP | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0128 | 7.2.40 |
| VIPRE Antivirus | MSIL.Adware.PullUpdate | 37164 |

File size:
4.5 MB (4,742,072 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\frfma4gwcz\setup_4.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/1/2014 7:00:00 PM

Valid to:
4/2/2015 6:59:59 PM

Subject:
CN=Interesting Solutions, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Interesting Solutions, L=St. James, S=St. James, C=BB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7AA52A387DFF197F28163BDDC97B61EA

File PE Metadata
Compilation timestamp:
6/6/2009 4:41:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:Mm8Tq1HH347A/ELmF/uuBTDoqZEEO/362oBMupxll0K+NMxtI:Mm8W34tuVDoqZOi2kMUj2NMxC

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9828

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file setup_4.exe has been seen being distributed by the following URL.
