downloadsetup.exe

Setup

Artua Vladislav

This is a WebPick installer that bundles (with very minimal user consent) a number of adware browser extensions which inject ads in the browser. The application downloadsetup.exe by Artua Vladislav has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the WebPick InstalleRex installer. The file has been seen being downloaded from premiumstorage.info. While running, it connects to the Internet address r1.stylezip.info on port 80 using the HTTP protocol.
Publisher:
Premium (signed by Artua Vladislav)

Product:
Setup

Description:
Installer

Version:
2011.12.13.2110

MD5:
961a857d65eafc9cd604a3c01120c1bc

SHA-1:
26fa07523a9b99e5aa1d98ef75665cedf646e0d2

SHA-256:
88ef00c6fc628d6a63fec3de3296d698476a4493f9cffb8ccff261aa1b4a315d

Scanner detections:
17 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping-comparison tools and browser extensions.

Analysis date:
4/26/2024 1:56:59 PM UTC

Scan engine              | Detection                                              | Engine version
-------------------------|--------------------------------------------------------|---------------
Agnitum Outpost          | Trojan.DR.Agent                                        | 7.1.1
avast!                   | Win32:InstallMate-CJ [PUP]                             | 2014.9-160215
AVG                      | Adware Agent.E                                         | 2017.0.2833
Bkav FE                  | HW32.Packed                                            | 1.3.0.6379
Clam AntiVirus           | Win.Trojan.Installmate-2                               | 0.98/20077
Comodo Security          | Application.Win32.Bundledz.C                           | 21128
Dr.Web                   | Adware.Downware.97, Adware.Downware.121                | 9.0.1.046
ESET NOD32               | Win32/InstallMate.Gen potentially unwanted application | 10.7.0.302.0
K7 AntiVirus             | Unwanted-Program                                       | 13.196.15011
Panda Antivirus          | PUP/TSUploader                                         | 16.02.15.10
Qihoo 360 Security       | Trojan.Generic                                         | 1.0.0.1015
Reason Heuristics        | PUP.WebPick.ArtuaVladislav.Bundler (M)                 | 16.2.15.10
Rising Antivirus         | PE:Trojan.Dropper!6.B29                                | 23.00.65.16213
Sophos                   | PUA 'InstallRex'                                       | 5.10
SUPERAntiSpyware         | Trojan.Agent/Gen-InstallMate                           | 9322
Trend Micro House Call   | TROJ_PAM_0000010155.T3                                 | 7.2.46
VIPRE Antivirus          | Threat.4753027                                         | 37588

File size:
238.1 KB (243,768 bytes)

Product version:
1.0

Copyright:
Copyright © 2010 Premium

File type:
Executable application (Win32 EXE)

Bundler/Installer:
WebPick InstalleRex

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\downloadsetup.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
3/14/2011 8:00:00 PM

Valid to:
3/14/2012 7:59:59 PM

Subject:
CN=Artua Vladislav, O=Artua Vladislav, STREET=haRav Dangur 22, L=Bnei Braq, S=Israel, PostalCode=51281, C=IL

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
302242B18FB354EA399140DBBA22B786

File PE Metadata
Compilation timestamp:
12/1/2011 6:07:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:dR+4UQ/l+yaA3loTp4fIRX1PJVuHusG5mlab8j5:dRFUQ/FboTyfIRRJVuHusamlaYj5

Entry address:
0x1513

Entry point:
55, 8B, EC, 81, EC, 38, 0B, 00, 00, 53, 56, 57, 8D, 85, E0, FE, FF, FF, 50, C7, 85, E0, FE, FF, FF, 14, 01, 00, 00, FF, 15, 74, 30, 40, 00, 85, C0, 74, 11, 33, C0, 83, BD, F0, FE, FF, FF, 01, 0F, 94, C0, A3, 00, 40, 40, 00, 33, F6, 66, 89, B5, C8, F4, FF, FF, 89, 75, F4, 89, 75, FC, FF, 15, 70, 30, 40, 00, A3, 08, 40, 40, 00, FF, 15, 6C, 30, 40, 00, 89, 45, F8, 68, 04, 01, 00, 00, 8D, 85, D8, FC, FF, FF, 50, 56, FF, 15, 68, 30, 40, 00, 85, C0, 75, 22, FF, 15, 64, 30, 40, 00, 50, 68, D0, 33, 40, 00, E8, EA...

Entropy:
7.9349

Developed / compiled with:
Microsoft Visual C++

Code size:
8 KB (8,192 bytes)

The file downloadsetup.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to r1.stylezip.info  (54.186.255.26:80)

Powered by Reason Core Security