finalizesetup.exe

PrivDog

Adtrustmedia, LLC

The application finalizesetup.exe, “PrivDog Setup Tool” by Adtrustmedia, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘ComodoFSChrome’. This file is typically installed with the program PrivDog 2 Legacy Browser Plug-ins by Adtrustmedia, LLC.
Publisher:
Adtrustmedia, LLC  (signed and verified)

Product:
PrivDog

Description:
PrivDog Setup Tool

Version:
1.5.0.14

MD5:
6f4e8aeba381bd575a711878fb5ab230

SHA-1:
2b4fe01988e6ae3b2a2d92af80a7a7822bdf3440

SHA-256:
9ff3bdc7ec673b1208408db37b4fb0bcb32a3cb01c5fb029fe017026d973f215

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Displays advertising 'Trusted Advertisements' in the user's web browser in pages that normally would not show ads. Ads from AdTrustMedia are indicated by "AT-M Ad" displayed on the bottom right of the advertisement.

Analysis date:
4/26/2024 12:29:59 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Startup.Adtrustmedia.N

Engine version:
14.3.1.10

File size:
4.1 MB (4,247,208 bytes)

Product version:
1.5.0.14

Copyright:
Copyright © AdTrustMedia 2012-2013. All rights reserved.

Original file name:
finalizesetup.exe

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\Program Files\adtrustmedia\privdog\finalizesetup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/11/2012 4:00:00 PM

Valid to:
11/12/2013 3:59:59 PM

Subject:
CN="Adtrustmedia, LLC", O="Adtrustmedia, LLC", STREET="41 Watchung Plaza #330", L=Montclair, S=New Jersey, PostalCode=07042, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7739F0D7E1D6C302E4AA8B647D9C7F52

File PE Metadata
Compilation timestamp:
9/17/2013 7:16:51 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:jXILOxiLYEMA0xiLYEMPzxiLYEMxIxiLYEMRHvIebeKIebZtIeb0cIebf:jXILOxrEMzxrEM7xrEMOxrEMlvIeaKIC

Entry address:
0x6C1E5

Entry point:
E8, D4, 67, 00, 00, E9, 79, FE, FF, FF, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C, 24, 04, 2B...

Entropy:
7.9173  (probably packed)

Code size:
494 KB (505,856 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ComodoFSChrome

Command:
"C:\Program Files\adtrustmedia\privdog\finalizesetup.exe" \c


The file finalizesetup.exe has been discovered within the following programs.

PrivDog 2 Legacy Browser Plug-ins  by Adtrustmedia, LLC
Publisher's description - “Your browser will only display ads from a trusted source. Malvertising is undermining trust on the web and a proactive response is required. Many prominent firms have unwittingly exposed their web site visitors to malicious web ads.”
privdog.com
62% remove it
 
Powered by Should I Remove It?