duplicatephotofinder_setup.exe

Installer

SECURE DOWNLOAD

The application duplicatephotofinder_setup.exe, “Installer Setup” by SECURE DOWNLOAD, has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. It is also typically executed from the user's temporary directory.
Publisher:
Software application (signed by SECURE DOWNLOAD)

Product:
Installer

Description:
Installer Setup

MD5:
a820d6f7ac4d13df34d53fd484695cde

SHA-1:
8b2fe6e0b85c80b3223026d7d8ef65afca3a6284

SHA-256:
531f57ac8e6aa905d156b2395b170bb561a7a712c84fa68ddcc0fbc779bf86a7

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/19/2024 12:23:56 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | PUA/InstallCore.Gen | 3.6.1.96 |
| AVG | Adware InstallCore | 2016.0.3179 |
| Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.1536 |
| Dr.Web | Trojan.InstallCore.151 | 9.0.1.0163 |
| ESET NOD32 | Win32/InstallCore.XA potentially unwanted application | 9.7.0.302.0 |
| herdProtect (fuzzy) | | 2015.6.12.18 |
| K7 AntiVirus | Trojan | 13.202.15487 |
| Reason Heuristics | PUP.Installer.AVSoftware EOOD | 15.3.6.4 |
| VIPRE Antivirus | Threat.4150696 | 38950 |

File size:
728.6 KB (746,072 bytes)

Product version:
5.4.8

Copyright:
Program Web

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\duplicatephotofinder_setup.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
2/12/2015 1:00:00 AM

Valid to:
2/16/2016 1:00:00 PM

Subject:
CN=SECURE DOWNLOAD, O=SECURE DOWNLOAD, S=Washington, L=Seattle, C=US

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
011E452F011C189520248E025474276E

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:yWqpiypKl3waR3OClCyVZVR4qV6AlGntgDcB7UU2jkustZuqINQMi7A:yWq4y8gaR59n3XVvEVr2oustZu/i7A

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)
