spotify-setup.exe

Terucihom

Sambamedia llc

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application spotify-setup.exe, “Terucihom Setup ” by Sambamedia llc has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Softpulse SoftwareBundler installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Sambamedia llc  (signed and verified)

Product:
Terucihom

Description:
Terucihom Setup

MD5:
817457b394e5510c162ea7110e554b2d

SHA-1:
3ecfdd8eea9d806c59d5466d8cf4e2a246f6fd3d

SHA-256:
9c2a5ca3d5334b0ceb7b3fd6c1e2ec55b2fec57e7bf5d87321f4c71b539dbeca

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/27/2024 12:51:07 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore (M)
17.3.14.8

File size:
951.4 KB (974,208 bytes)

Product version:
1.8.8

Copyright:
Program Stub

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler (using Inno Setup)

Language:
Swedish (Sweden)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\spotify-setup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
12/21/2015 1:00:00 AM

Valid to:
1/20/2017 12:59:59 AM

Subject:
CN=Sambamedia llc, O=Sambamedia llc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
08AF0B7DB5193EDC6FFE31467E46AA55

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file spotify-setup.exe has been seen being distributed by the following URL.

http://www.ranchsignbundle.com/y3kAlVhmX4RDfDSjiA3Ra0WnY8s 3rFCCnMABWsgfVHAIh7JlaHs_IP v7KZuOyT zIQBICOyNKKwm5Z9UuW3vEZYM9zHklYnYAiZiNN6CuyCIEjvJAl13IiJkDA7kFPn4FK G5YjlTmUeLSgXNzNiKhm67WUbTkP9MHjjcaqlkOUY_WolIx7FXM2UlDV8hmfCHcgKG6JKc3O83EHvkh8vnAKSa8Hh0zpZfLCBKt_jdDlXBrnGWFV0x7MTYvKX5wUy3t6Q9CQR pI2CwNNLdF67seFT9h9Tsst9MJ1RrDeQkTRN781rVJSTh1Etu9buHgBh32WpFUZnjpKCkCJixgopr0oTLOcQRs9elZ_buGAB9k1LqtWnaGABmrjOYfPLENjYNlQgfcrssP0G3iWqCQYrzkg_F1y9qct9G03YBce15CaNXafYiifNLN8iX ao6mFOARESmFTposnoo1YEam EyDen3I3Mpis ZWS34Du9jNjD1H6CpZTMXr9Yb63vReurnkyARpvaO2nw7DMTVkWvpIL2H6sF0DLKpTQy84_22sjbHS_49il6aFSKWWOiMcbR9KplVGzD5rmSjNxvGjkvykqO9sBMbSDo9JdmJ75N9Fi1bMwljPwG mWVIGAiEDJn1gyWfkLNyzyxJFvmOugi84u_oLVQASMuIUEJPSH5vrr iah118GiL4JCssejI8WeK59uqK89SsyhEpoGwC6uuMMXZRa6hgplcCn3Vl28kb9wGCBmobUkSuNtqeIWftOq7uiVFCElifhpXn7Yd4Lv2X9XReflCFUpJfo5pgHCx3BB3dpNtT9JslkWykAB15AT9ykg0iYlHNs2 iJ2OEhEt79x8fx1M4tlO 3RIu8l6wwUqywTtdRoc14exOqH5ssexLrmblZemhGfTHRHkHjL6sPwRwg==-CwiAZnJpYWZpbGVyLmNvbS80MDQD

Remove spotify-setup.exe - Powered by Reason Core Security