finalizesetup.exe

PrivDog

Adtrustmedia, LLC

The application finalizesetup.exe, “PrivDog Setup Tool” by Adtrustmedia, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup and installation application and has been known to bundle potentially unwanted software. It is set to execute automatically when any user logs into Windows (through the Run registry setting for all users) under the name ‘ComodoFSChrome’.

Publisher:
Adtrustmedia, LLC  (signed and verified)

Product:
PrivDog

Description:
PrivDog Setup Tool

Version:
1.7.0.12

MD5:
a47be1a77b0b654d09f6fb06b9c3ac62

SHA-1:
6c43d93f07f8a2cf5d87fe05c6176a26ea2423f5

SHA-256:
00e8ba6bbaa1df11d34a0c6471bb34b88ba67190813fe65a4b500f4e608f9ac4

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Displays advertising 'Trusted Advertisements' in the user's web browser in pages that normally would not show ads. Ads from AdTrustMedia are indicated by "AT-M Ad" displayed on the bottom right of the advertisement.

Analysis date:
7/21/2025 12:09:52 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Startup.Adtrustmedia.N

Engine version:
14.2.21.7

File size:
4.4 MB (4,571,816 bytes)

Product version:
1.7.0.12

Copyright:
Copyright © AdTrustMedia 2012-2013. All rights reserved.

Original file name:
finalizesetup.exe

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\Program Files\adtrustmedia\privdog\finalizesetup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/11/2012 6:00:00 PM

Valid to:
11/12/2013 5:59:59 PM

Subject:
CN="Adtrustmedia, LLC", O="Adtrustmedia, LLC", STREET="41 Watchung Plaza #330", L=Montclair, S=New Jersey, PostalCode=07042, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7739F0D7E1D6C302E4AA8B647D9C7F52

File PE Metadata
Compilation timestamp:
10/15/2013 5:39:53 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:fXILGcs5JZQcs4ZAXcsX1QCcso5+2IeIA+6IeIA+AIeIA+XIeIA+7:fXILGcsf2csKMcsFvcsi1Iet+6Iet+At

Entry address:
0x6C1E5

Entry point:
E8, D4, 67, 00, 00, E9, 79, FE, FF, FF, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C, 24, 04, 2B...
 

Entropy:
7.9174  (probably packed)

Code size:
494 KB (505,856 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ComodoFSChrome

Command:
"C:\Program Files\adtrustmedia\privdog\finalizesetup.exe" \b \c

