spotify-setup.exe

Terucihom

Sambamedia llc

This is the Softpulse installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application spotify-setup.exe, “Terucihom Setup” by Sambamedia llc, has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Softpulse SoftwareBundler installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Sambamedia llc  (signed and verified)

Product:
Terucihom

Description:
Terucihom Setup

MD5:
ad22dd25b3bb8b791dd1c1a074376139

SHA-1:
779fb5252ece85c86a87a46aba19d5bcd817dba8

SHA-256:
2854957f0f6d1384050a54fc996bc16165ecf8cd54d3cfcdae1bad8c34bd68c4

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/26/2024 8:36:35 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.13.7

File size:
951.4 KB (974,208 bytes)

Product version:
1.8.8

Copyright:
Program Stub

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler (using Inno Setup)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\spotify-setup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
12/21/2015 1:00:00 AM

Valid to:
1/20/2017 12:59:59 AM

Subject:
CN=Sambamedia llc, O=Sambamedia llc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
08AF0B7DB5193EDC6FFE31467E46AA55

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file spotify-setup.exe has been seen distributed from the following URL.

http://www.ranchsignbundle.com/_YkBdEPI6OcPvOsDj4t2VntHweJetpOfFohHw8Tt9XYha NWzPFOYj3K8YgB1gj56X4g9gO4Vc6qMPeCFMAv48DNZx6bXDnyhuj4kUpcp_nYRi5I5C915rjx eNsRA_mCCqiZ4AZjvHUJ7qMMqv48nxn8xocJBMpJI75fwBAjnh1pQ OXRWmyuMEixtwSwUsMdTUvOG3dj2cEklxTQiJBQvwh0C02XrVCNA39ULvfL2Ea4F2GIbqcF90SU_ZiuGHVfmGkvP8l4rKpGO690gAf MvpyfRfZ2bZrjvaSmbRg9IUTeEg5bcUJ7Rdw VX1IhkDasjXEkWyIDukEWGowv0hqVLO31Fp2YN00J9R5e9LSszyiphonJ09yHNCJCeN08R_B3tzvVUBob7epSXyk8s_RPWSBmbGzTpzN6VC9FImWlPYczZYK0lXFrrrq1qDoB7lUN0EoBTR3Ou2nx0JNxai3y WPpVi2qMUs5ob_JmKWWyDoIHk9b8IDLXhyZa6_4kMdvOJqkDNae0tLwuV6 fAKR44GLZjuo7aZ18dVjw7yFZZmjfJa1Ypbr3roMTD9CYBYljRypZQqoJ7Qx5vQQWHVWOdXgDjnwo_ugl6C5yLz_MSi2OqyJU68cOEllSObJumkm52Gj4q1oRefnx3v3Jh2TqUozC9nyVfmMQSlAe5vhWfXJo9HBOMkqlFgoNLEuCEkvjrzwqVKjxcvwHHWjO7fh_2FpqQXatdVmWYb7v8vsYSHPwbM9 Gwrdao 2oDG7pE6EVFqGzOX3iFuXQJhYftYICkAJSyo6nUSaXi58RapGtBsxAbz7_SS_qJfPlRe2HYPVDUUFYxi9yNvmN1q0a7BfTLNGEqrCn1XDvQP01TPcw7M4S3fxKIfrUcxGRwJT7fSsVHtACx87Sbk6qt0dYadtMQQoQ==-GxUAAMRjbF7DPAblGlKTTkYpbCur9TVXEAQ=
