setup_536.exe

Sapodilla Ltd

The application setup_536.exe by Sapodilla Ltd has been flagged by 7 of 68 anti-malware scanners, mostly as a potentially unwanted toolbar/adware installer (Perion, BitCocktail and Shopperz family names). This is a setup program used to install the application, and it is typically executed from the user's temporary directory. The file has been seen being downloaded from d2rq3w9da4lla6.cloudfront.net and multiple other hosts.
Publisher:
shopperz   (signed by Sapodilla Ltd)

MD5:
f8c7302b01173357712d9ec821f8218a

SHA-1:
eb81c1817cbc5f1d93d5dcb3e1945a2efec140fd

SHA-256:
84244829d5580ceb6a8ee0d850350b699c06f0057e67baf43e45bd30950df89c

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
11/5/2024 3:35:04 PM UTC

Scan engine           Detection                                      Engine version
Agnitum Outpost       PUA.Toolbar.Perion                             7.1.1
Dr.Web                Trojan.BPlug.955                               9.0.1.085
ESET NOD32            Win32/Toolbar.Perion.L potentially unwanted    9.11376
IKARUS anti.virus     PUA.Toolbar.BitCocktail                        t3scan.1.8.6.0
Malwarebytes          PUP.Optional.Shopperz.A                        v2015.03.26.03
Qihoo 360 Security    HEUR/QVM06.1.Malware.Gen                       1.0.0.1015
Reason Heuristics     PUP.Installer.Bitcocktail                      15.3.26.15

File size:
2.4 MB (2,530,336 bytes)

Product version:
2.0.0.457

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\setup_536.exe
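As an added example (not from this report and not Reason Core Security's tooling), the following Python detection logic hunts for this installer in process-creation telemetry using the three signals the report provides: the SHA-256, the run-from-%TEMP% path pattern above, and the signing publisher. The log lines are constructed here in a Sysmon Event ID 1 key=value style and are not real captures; the Signature field is an assumption about the telemetry source (Sysmon's process-creation event does not carry the signer, though many EDR process events do), and the second sample's hash is made up to stand for a different build by the same publisher.

```python
"""Hunt for the installer described above in process-creation telemetry.
All log lines below are constructed for this example; the Signature field
is an assumption about what the telemetry source records."""
import re

# Indicators taken from the report.
REPORT_SHA256 = "84244829d5580ceb6a8ee0d850350b699c06f0057e67baf43e45bd30950df89c"
REPORT_SIGNER = "Sapodilla Ltd"
# The report's 'common path', generalised to any build number.
TEMP_SETUP_RE = re.compile(r"\\appdata\\local\\temp\\setup_\d+\.exe$", re.IGNORECASE)

# Constructed sample events (Sysmon EID 1 style, fields joined with '|').
SAMPLE_EVENTS = [
    r"Image=C:\Users\alice\AppData\Local\Temp\setup_536.exe"
    + r"|Hashes=MD5=F8C7302B01173357712D9EC821F8218A,"
    + "SHA256=84244829D5580CEB6A8EE0D850350B699C06F0057E67BAF43E45BD30950DF89C"
    + r"|Signature=Sapodilla Ltd",
    # a different build from the same publisher (hash made up for the example)
    r"Image=C:\Users\bob\AppData\Local\Temp\setup_812.exe"
    + "|Hashes=SHA256=" + "deadbeef" * 8
    + r"|Signature=Sapodilla Ltd",
    # benign-looking control event
    r"Image=C:\Program Files\Contoso\updater.exe"
    + "|Hashes=SHA256=" + "00" * 32
    + r"|Signature=Contoso Corp",
]


def parse_event(line):
    """Split 'k=v|k=v' into a dict; only the first '=' of each field delimits the key."""
    return dict(field.split("=", 1) for field in line.split("|"))


def hash_from_event(event, algo="SHA256"):
    """Sysmon packs hashes as 'MD5=..,SHA256=..,IMPHASH=..'; return one, lower-cased."""
    for part in event.get("Hashes", "").split(","):
        name, _, value = part.partition("=")
        if name.upper() == algo:
            return value.lower()
    return None


def classify(event):
    """Return the report indicators this event matches, in a fixed order."""
    reasons = []
    if hash_from_event(event) == REPORT_SHA256:
        reasons.append("hash")
    if TEMP_SETUP_RE.search(event.get("Image", "")):
        reasons.append("temp-path")
    if event.get("Signature", "").strip().lower() == REPORT_SIGNER.lower():
        reasons.append("signer")
    return reasons


def triage(lines):
    """Return (image, reasons) for every event that matches at least one indicator."""
    hits = []
    for line in lines:
        event = parse_event(line)
        reasons = classify(event)
        if reasons:
            hits.append((event.get("Image"), reasons))
    return hits


if __name__ == "__main__":
    for image, reasons in triage(SAMPLE_EVENTS):
        print(f"{image}: {', '.join(reasons)}")
```

The hash match is exact but brittle (any rebuilt installer changes it); the path pattern and signer name catch sibling builds from the same publisher but need tuning against legitimate installers that also run from the user's temp directory, which is why the three signals are reported separately rather than folded into one verdict.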

Digital Signature
Signed by:
Sapodilla Ltd

Authority:
GlobalSign nv-sa

Valid from:
1/28/2015 4:37:16 AM

Valid to:
1/29/2016 4:37:16 AM

Subject:
CN=Sapodilla Ltd, O=Sapodilla Ltd, L=Hod Hasharon, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121449121483F5C10A1D21935F061A75AD5

File PE Metadata
Compilation timestamp:
1/30/2013 8:21:56 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:mUiY98GdP4DciGZhSEp4G72AtWC8WA3qh9a15GY4XC9EooiOQPL+:FiY9LNhSqmC83U850C+bi5+

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...

Entropy:
7.9775

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)
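As an added example (not part of this report or of Reason Core Security's tooling), the Python script below recomputes the file fields listed above from a local copy, using only the standard library: the three hashes, compile timestamp, linker and OS version, subsystem, entry-point RVA, code size and Shannon entropy. The sample it runs on is a constructed, non-executable PE32 header carrying this report's values, not the real setup_536.exe, so the hash comparison against the report is expected to fail for it. Two caveats a practitioner would draw from the numbers above: whole-file entropy of 7.98 on a 2.4 MB file whose code section is only 63.5 KB means nearly all of the file is a compressed or encrypted payload (normal for an installer stub), so strings and imports from static analysis will say little until the payload is unpacked; and a linker version of 2.25 together with the entry-point prologue shown above (push ebp; mov ebp,esp; add esp,-0x5C; push ebx/esi/edi; ...; push fs:[eax]; mov fs:[eax],esp) is what the Borland Delphi toolchain emits, so the "Microsoft Visual C++" attribution should be treated as a heuristic guess. The script does not verify the Authenticode signature; that is a separate check, and a valid publisher signature says nothing about whether the installer is wanted.

```python
"""Offline triage of the PE header fields this report lists, standard library only.
The PE bytes built by build_sample_pe() are constructed for this example and are
not the real setup_536.exe."""
import calendar
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

# Hashes from the report, used as the reference IOC set.
REPORT_HASHES = {
    "md5": "f8c7302b01173357712d9ec821f8218a",
    "sha1": "eb81c1817cbc5f1d93d5dcb3e1945a2efec140fd",
    "sha256": "84244829d5580ceb6a8ee0d850350b699c06f0057e67baf43e45bd30950df89c",
}


def file_hashes(data):
    """MD5, SHA-1 and SHA-256 of the bytes, lower-case hex, keyed by algorithm."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_report(data):
    """True only when all three hashes equal the ones in the report."""
    return file_hashes(data) == REPORT_HASHES


def shannon_entropy(data):
    """Bits per byte in 0.0..8.0; values near 8 indicate compressed or encrypted content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe_header(data):
    """Extract the COFF/optional-header fields shown in the 'File PE Metadata' block."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                   # optional header follows the 20-byte COFF header
    magic, maj_link, min_link, size_of_code = struct.unpack_from("<HBBI", data, opt)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    maj_os, min_os = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "bitness": "Win32" if magic == 0x10B else "Win64" if magic == 0x20B else hex(magic),
        "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "linker_version": f"{maj_link}.{min_link}",
        "os_version": f"{maj_os}.{min_os}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "code_size": size_of_code,
    }


def build_sample_pe():
    """Minimal, non-runnable PE32 header carrying the values from the report (constructed)."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    ts = calendar.timegm((2013, 1, 30, 8, 21, 56))          # 1/30/2013 8:21:56 AM UTC
    coff = struct.pack("<HHIIIHH", 0x14C, 3, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 2, 25, 65024)   # PE32, linker 2.25, code size
    struct.pack_into("<I", opt, 16, 0x113BC)                 # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 0)                   # OS version 5.0
    struct.pack_into("<H", opt, 68, 2)                       # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return dos + b"PE\0\0" + coff + bytes(opt)


def summarize(data):
    """One dict with everything the report's metadata blocks show, computed locally."""
    info = parse_pe_header(data)
    info.update(file_hashes(data))
    info["entropy"] = round(shannon_entropy(data), 4)
    info["matches_report"] = matches_report(data)
    return info


if __name__ == "__main__":
    for key, value in summarize(build_sample_pe()).items():
        print(f"{key:16} {value}")
```

On a real sample, replace build_sample_pe() with the bytes of the file read from disk; an entropy above roughly 7.0 for the whole file, combined with a small SizeOfCode, is the signal to look for an embedded archive or packer rather than to trust the static string listing.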

The file setup_536.exe has been seen being distributed by 2 URLs; the only host named in this report is d2rq3w9da4lla6.cloudfront.net.

Remove setup_536.exe - Powered by Reason Core Security