fl_setup.exe

Fileadventure

This file is published and distributed via Adknowledge's advertising-supported (adware) software installer. The application fl_setup.exe, “Swift Installer” by Fileadventure, has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. The file has been seen being downloaded from thskncwp.pn-installer4.com and multiple other hosts.
Publisher:
Swift Installer (signed by Fileadventure)

Product:
Swift Installer

Description:
Swift Installer

Version:
2.4.8.1

MD5:
5876eae3040cfb40c4434b51e27da438

SHA-1:
5aa58fe5b87046bee7eb1e771b13424b70ead94a

SHA-256:
79ff21488ec623c6cc15646f2626bf12c9ed43f81283872c961ea324a85db4c0

Scanner detections:
20 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
5/5/2024 9:19:40 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Zusy.117133 | 6243344 |
| AhnLab V3 Security | | 2014.12.25 |
| Avira AntiVirus | Adware/iBryte.zline | 7.11.197.166 |
| avast! | Win32:Adware-gen [Adw] | 141214-1 |
| AVG | Generic | 2015.0.3251 |
| Bitdefender | Gen:Variant.Zusy.117133 | 1.0.20.1790 |
| Comodo Security | Application.Win32.Ibryte.NW | 20461 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.117133 | 9.0.0.4668 |
| ESET NOD32 | Win32/Adware.iBryte.BR application | 7.0.302.0 |
| F-Prot | W32/A-a1a6e5b1 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Zusy.117133 | 5.13.68 |
| G Data | Gen:Variant.Zusy.117133 | 14.12.24 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.8.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.188.14440 |
| MicroWorld eScan | Gen:Variant.Zusy.117133 | 15.0.0.1074 |
| Norman | Gen:Variant.Zusy.117133 | 04.12.2014 14:30:06 |
| Panda Antivirus | Trj/Genetic.gen | 14.12.24.09 |
| Reason Heuristics | PUP.Installer.Fileadventure.I | 14.12.24.8 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Threat.4798837 | 35418 |

File size:
325.4 KB (333,176 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) Swift Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\fl_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/13/2014 8:00:00 PM

Valid to:
7/14/2015 7:59:59 PM

Subject:
CN=Fileadventure, O=Fileadventure, STREET=4600 Madison Ave FL 10, L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2EF279A57EB2CCFE0FCD97FC0F239ADE

File PE Metadata
Compilation timestamp:
12/2/2014 10:07:05 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:0ZE6f4XGyKVkdtZchQpv8DOHUmhJyCeRBo9cjnFPsYUybtOwM6hUYyM9yI6qGc:msGyoinv8aHUmhJmRS+nFPsYlY0B9ZGc

Entry address:
0x182C3

Entry point:
E8, 59, A7, 00, 00, E9, 78, FE, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 84, A6, 43, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 84, A6, 43, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F...
 

Entropy:
5.8907

Code size:
183.5 KB (187,904 bytes)

The file fl_setup.exe has been seen being distributed by the following 2 URLs.
