dm1393282886.exe

setap

Mindad media Ltd.

The application dm1393282886.exe by Mindad media has been detected as adware by 11 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. The file is typically executed from the user's temporary directory.
Publisher:
@@@  (signed by Mindad media Ltd.)

Product:
setap

Description:
setap file

Version:
2.0.0.1

MD5:
227eeb681b45ff953e022ffed65643cb

SHA-1:
bcfcd1531b505940ff63b86cab8f4101bf5e5eb7

SHA-256:
2c02f0149e81f220c6997d5d044d40b55883bceadb94b1d52a07c1da10189bc2

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/19/2024 8:52:38 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.Downloader | 7.1.1
AVG | MalSign.Generic | 2015.0.3539
Emsisoft Anti-Malware | Gen:Variant.Kazy.203494 | 8.14.09.22.01
ESET NOD32 | Win32/OutBrowse (variant) | 8.9491
Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 14.0.0.3212
Malwarebytes | PUP.Optional.OutBrowse | v2014.09.22.01
McAfee | Artemis!BCBC3FEACB91 | 5600.6999
Qihoo 360 Security | Win32/Virus.Downloader.ad6 | 1.0.0.1015
Reason Heuristics | PUP.Mindadmedia.M | 14.8.7.21
Sophos | OutBrowse | 4.97
VIPRE Antivirus | OutBrowse | 26712

File size:
1.3 MB (1,365,440 bytes)

Product version:
2.0.0.1

Copyright:
(c). All rights reserved.

Original file name:
setap.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\dm1393282886.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/4/2013 5:00:00 PM

Valid to:
8/5/2014 4:59:59 PM

Subject:
CN=Mindad media Ltd., O=Mindad media Ltd., STREET=hamenofim 9, STREET=herzeliya, L=herzeliya, S=herzeliya, PostalCode=46725, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0E7140EE5347CFF2FBDBE59A34386099

File PE Metadata
Compilation timestamp:
2/23/2014 12:59:55 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:gRlRvjpBoaIlwwnm+KL7zhfyAHhVuyMlXRrOvmb1PW2:2rLro5EZf5BMyqXtOv4hW2

Entry address:
0xEC7C7

Entry point:
E8, 35, AD, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, 54, EE, 52, 00, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, FC, 9A, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, EC, 9A, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B, 4D, 10, 8D, 55, E8, 89, 53, FC, 8B, 5B, 0C, 89, 45, E8, 89, 4D...
 

Entropy:
6.3201

Code size:
1 MB (1,082,880 bytes)
