setup_537.exe

Sapodilla Ltd

The application setup_537.exe by Sapodilla has been detected as adware by 17 anti-malware scanners. It is a setup program used to install the application, and it is typically executed from the user's temporary directory. The file has been seen downloaded from d2rq3w9da4lla6.cloudfront.net and multiple other hosts.

Publisher:
shopperz (signed by Sapodilla Ltd)

MD5:
37a810eb4cca7e0770a09d3ece7fdf77

SHA-1:
c2b848f7ae3ea99c2a031daf74cd7b998aab5b4c

SHA-256:
3f19344be19507e993584ee049ec0e3305fd7d4919a7e09d30985a31a3f6be1b

Scanner detections:
17 / 68

Status:
Adware

Analysis date:
11/27/2024 1:07:55 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Shopperz.A | 596 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Bitdefender | Adware.Shopperz.A | 1.0.20.845 |
| Dr.Web | Adware.Shopper.863 | 9.0.1.071 |
| Emsisoft Anti-Malware | Adware.Shopperz | 8.15.06.18.04 |
| ESET NOD32 | Win32/Toolbar.Perion.L potentially unwanted application | 9.7.0.302.0 |
| Fortinet FortiGate | Riskware/Perion | 3/12/2015 |
| F-Secure | Adware.Shopperz.A | 11.2015-18-06_5 |
| herdProtect (fuzzy) | | 2015.6.18.16 |
| IKARUS anti.virus | PUA.Toolbar.BitCocktail | t3scan.1.8.6.0 |
| K7 AntiVirus | Adware | 13.203.15783 |
| Malwarebytes | PUP.Optional.Shopperz.A | v2015.03.12.07 |
| MicroWorld eScan | Adware.Shopperz.A | 16.0.0.507 |
| nProtect | Adware.Shopperz.A | 15.04.30.01 |
| Qihoo 360 Security | HEUR/QVM06.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.Bitcocktail | 15.3.12.7 |
| Trend Micro House Call | Suspicious_GEN.F47V0311 | 7.2.71 |

File size:
2.4 MB (2,519,864 bytes)

Product version:
2.0.0.457

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\setup_537.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
1/28/2015 5:37:16 AM

Valid to:
1/29/2016 5:37:16 AM

Subject:
CN=Sapodilla Ltd, O=Sapodilla Ltd, L=Hod Hasharon, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121449121483F5C10A1D21935F061A75AD5

File PE Metadata
Compilation timestamp:
1/30/2013 9:21:56 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:kUSY98sgFuI0tJMpZSX7QzYMnGrtQ7ASu89EooiOQPL6:fSY9s0MpZ48YC8B8+bi56

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
Entropy:
7.9772

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file setup_537.exe has been seen being distributed by the following 2 URLs.