home

ClickOnceSetup.exe

Internet installer

dobreprogramy sp. z o.o.

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application ClickOnceSetup.exe by dobreprogramy sp. z o.o has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer.
Publisher:
dobreprogramy sp. z o.o.  (signed and verified)

Product:
Internet installer

Version:
2.0.6

MD5:
af297f50dd0c4e152c0338a5b77e67ae

SHA-1:
e103186317c8e04a4bb6c1001a01a71e27977b17

SHA-256:
198a89eecef5b125056ed595f975b8d32980211708ac3f8f0c034839e4f2e7cf

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
5/2/2024 1:23:33 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore (M)
17.3.11.1

File size:
963.1 KB (986,176 bytes)

Product version:
2.0.6

Original file name:
ClickOnceSetup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\users\{user}\appdata\local\apps\2.0\lork3gq2.y0v\qw4915wt.9ea\clic..tion_0000000000000000_0001.0000_5d04c28ac2335da6\clickoncesetup.exe

Digital Signature
Signed by:
dobreprogramy sp. z o.o.

Authority:
thawte, Inc.

Valid from:
2/25/2015 1:00:00 AM

Valid to:
2/26/2016 12:59:59 AM

Subject:
CN=dobreprogramy sp. z o.o., OU=IT, O=dobreprogramy sp. z o.o., L=Wroclaw, S=Dolnoslaskie, C=PL

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
04CCACE3AEB4566AFA610407D3C9D967

File PE Metadata
Compilation timestamp:
9/1/2015 11:25:04 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0xE8E7E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
924 KB (946,176 bytes)

Remove ClickOnceSetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.