dm1393446611.exe

setap

Multiply ROI, Inc

Part of the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application dm1393446611.exe by Multiply ROI, Inc has been detected as adware by 11 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. It is also typically executed from the user's temporary directory.
Publisher:
@@@  (signed by Multiply ROI, Inc)

Product:
setap

Description:
setap file

Version:
2.0.0.1

MD5:
3fd5b77cfce28e28498d8330680cf0bc

SHA-1:
a8d9629e312d43c51b0e86e1831bc04670715a00

SHA-256:
900102b9dc23a2044d66dc42b6d29e05f696d1e21b5555991bd9b0821dca5759

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/25/2024 12:50:11 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.Downloader | 7.1.1 |
| AVG | MalSign.OutBrowse | 2015.0.3343 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.203494 | 8.14.09.22.01 |
| ESET NOD32 | Win32/OutBrowse (variant) | 8.9464 |
| Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 14.0.0.3212 |
| Malwarebytes | PUP.Optional.OutBrowse | v2014.09.22.01 |
| McAfee | Artemis!BCBC3FEACB91 | 5600.6999 |
| Qihoo 360 Security | Win32/Virus.Downloader.ad6 | 1.0.0.1015 |
| Reason Heuristics | PUP.MultiplyROI.M | 14.8.7.21 |
| Sophos | OutBrowse | 4.97 |
| VIPRE Antivirus | OutBrowse | 26798 |

File size:
1.3 MB (1,365,808 bytes)

Product version:
2.0.0.1

Copyright:
(c). All rights reserved.

Original file name:
setap.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\dm1393446611.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/28/2013 3:00:00 AM

Valid to:
2/27/2014 2:59:59 AM

Subject:
CN="Multiply ROI, Inc", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Multiply ROI, Inc", L=San Francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
071EA95218ABA65B6DE651F0EFE6F136

File PE Metadata
Compilation timestamp:
2/23/2014 11:59:55 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:FRlRvjpBoaIlwwnm+KL7zhfyAHhVuyMlXRrOvmb1PWh:zrLro5EZf5BMyqXtOv4hWh

Entry address:
0xEC7C7

Entry point:
E8, 35, AD, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, 54, EE, 52, 00, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, FC, 9A, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, EC, 9A, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B, 4D, 10, 8D, 55, E8, 89, 53, FC, 8B, 5B, 0C, 89, 45, E8, 89, 4D...
 

Entropy:
6.3211

Code size:
1 MB (1,082,880 bytes)
