superantispyware_setup.exe

Superantispyware Installer

DOWNLOADZONE

The Adlogica setup manager is an installer that bundles applications with offers for additional 3rd-party software, mostly unwanted adware, and may be installed without consent. The application superantispyware_setup.exe, “Deploy Superantispyware along with various offers” by DOWNLOADZONE, has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the Adlogica Downloader installer. This version of the installer will bundle a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension. The installer is marketed through download portals and search ads as SUPERAntiSpyware but will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
DOWNLOADZONE  (signed and verified)

Product:
Superantispyware Installer

Description:
Deploy Superantispyware along with various offers

Version:
5.6.1040

MD5:
a549238a0e7257eba766bb4589751130

SHA-1:
9cdaf42b9f8a7c268c53f16333d9a4e3b795649a

SHA-256:
cdff4eb4f3bb42f937eac936bea4b9e253f04e44e69cfa08fb68d9dfb30d92e8

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Bundles the Mindspark (MyWebSearch/Ask) toolbar, a web browser extension that will modify a user's search and home pages.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/25/2024 1:25:31 PM UTC

Scan engine
Detection
Engine version

AegisLab AV Signature
Troj.W32.Gen
2.1.4+

avast!
Win32:PUP-gen [PUP]
2014.9-150409

AVG
Skodna.Generic
2016.0.3144

Dr.Web
Adware.Downware.2468
9.0.1.099

ESET NOD32
Win32/Toolbar.MyWebSearch (variant)
9.9366

herdProtect (fuzzy)
2015.7.12.10

K7 AntiVirus
Trojan
13.185.13888

Malwarebytes
PUP.Optional.Downloadster
v2015.04.09.01

McAfee
Artemis!A549238A0E72
5600.6800

Reason Heuristics
PUP.Bundler.Adlogica
15.4.9.9

Sophos
Ez Toolbar Downloader
4.97

Trend Micro House Call
TROJ_GEN.F47V0116
7.2.193

Zillya! Antivirus
Downloader.Agent.Win32.228487
2.0.0.1975

File size:
1.3 MB (1,362,328 bytes)

Product version:
5.6.1040

Copyright:
©DownloadZone

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adlogica Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\superantispyware_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/11/2013 7:00:00 PM

Valid to:
9/12/2015 6:59:59 PM

Subject:
CN=DOWNLOADZONE, O=DOWNLOADZONE, STREET=96 Jessie st, STREET=4th Floor, L=San Francisco, S=CA, PostalCode=94105, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009B24C5AAB5A6D4FED7E156750E71003D

File PE Metadata
Compilation timestamp:
9/16/2013 6:17:45 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:u9OSiCcFYIYdv+tDUwadbW5Q+mrR3e5xW/e+qeT8hSCWUD6/vkRTTRWrk:giSKmrR3Xe+WQY6/qTTA

Entry address:
0x110400

Entry point:
55, 8B, EC, 83, C4, F0, B8, A0, E9, 50, 00, E8, D4, 71, EF, FF, 8B, 0D, A0, A5, 51, 00, 8B, 09, B2, 01, A1, 38, 3E, 4C, 00, E8, D0, F2, F4, FF, 8B, 15, 94, A6, 51, 00, 89, 02, A1, A0, A5, 51, 00, 8B, 00, E8, D4, 8A, F5, FF, A1, A0, A5, 51, 00, 8B, 00, B2, 01, E8, 6E, A9, F5, FF, 8B, 0D, 78, A3, 51, 00, A1, A0, A5, 51, 00, 8B, 00, 8B, 15, F0, 1D, 50, 00, E8, C6, 8A, F5, FF, A1, A0, A5, 51, 00, 8B, 00, E8, F2, 8B, F5, FF, E8, 29, 4B, EF, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.6684

Developed / compiled with:
Microsoft Visual C++

Code size:
1.1 MB (1,111,552 bytes)
