flashplayerpro_setup.exe

SetupManager.exe

Optimum Installer

This adware bundler is distributed through Adknowledge's advertising-supported software managers. The application flashplayerpro_setup.exe, “flashplayerpro” by Optimum Installer, has been detected as adware by 33 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The installer is marketed through download portals and search ads as the free Adobe Flash Player but will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
SetupManager  (signed by Optimum Installer)

Product:
SetupManager.exe

Description:
flashplayerpro

Version:
3.4.8

MD5:
96a7f3c4a89811d9e793dc5e21c54157

SHA-1:
9a2b15ebc3ece4acf5e8034fe7ce17378d7a82c2

SHA-256:
8e17f1b5512dd6e6a2b2314c89e5c445adf665be80bef081543e7f7f4e80555d

Scanner detections:
33 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/24/2024 12:59:26 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
MemScan:Adware.Generic.513195
926

Agnitum Outpost
7.1.1

AhnLab V3 Security
Adware/Win32.Agent
14.07.23

Avira AntiVirus
ADWARE/Adware.Gen7
7.11.144.160

avast!
Win32:Installer-J [PUP]
140617-1

AVG
Adware Generic5.ABEH
2014.0.3986

Bitdefender
MemScan:Adware.Generic.513195
1.0.20.1020

Clam AntiVirus
WIN.Adware.Ibryte-137
0.98/213

Comodo Security
ApplicUnwnt.Win32.AdWare.iBryte.H
18142

Dr.Web
Adware.Downware.1260
9.0.1.05190

Emsisoft Anti-Malware
MemScan:Adware.Generic.513195
8.14.07.23.08

ESET NOD32
Win32/Adware.iBryte.G application
7.0.302.0

Fortinet FortiGate
Riskware/IBryte
7/23/2014

F-Prot
W32/Ibryte.C.gen
4.6.5.141

F-Secure
MemScan:Adware.Generic.513195
11.2014-23-07_4

G Data
MemScan:Adware.Generic.513195
14.7.24

IKARUS anti.virus
not-a-virus:AdWare.Win32.Agent
t3scan.1.6.1.0

K7 AntiVirus
Trojan
13.176.11833

Kaspersky
not-a-virus:AdWare.Win32.Agent
15.0.0.494

Malwarebytes
PUP.Optional.Ibryte
v2014.07.23.08

McAfee
Adware-FOO!E566FB543061
5600.7060

MicroWorld eScan
MemScan:Adware.Generic.513195
15.0.0.612

NANO AntiVirus
Riskware.Win32.Agent.csqusr
0.28.0.59492

Norman
Agent.ASWDM
11.20140723

nProtect
Trojan-Clicker/W32.Agent.895784
14.04.21.01

Qihoo 360 Security
Malware.QVM10.Gen
1.0.0.1015

Reason Heuristics
PUP.Installer.OptimumInstaller.U
14.8.8.3

Rising Antivirus
PE:Adware.iBryte!6.A7
23.00.65.14721

Total Defense
Win32/Zbot.HGO
37.0.10927

Vba32 AntiVirus
SScope.Adware.OptimusInstaller.26607
3.12.26.0

VIPRE Antivirus
Optimum Installer
28462

Zillya! Antivirus
Adware.Agent.Win32.8159
2.0.0.1783

File size:
872.8 KB (893,736 bytes)

Product version:
3.4.8

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/10/2012 6:00:00 PM

Valid to:
11/7/2013 5:59:59 PM

Subject:
CN=Optimum Installer, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Optimum Installer, L=Kansas City, S=Missouri, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7C5F27B776ADBBB7943F700066A490BF

File PE Metadata
Compilation timestamp:
6/18/2013 2:35:56 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:tot7o0WkM95AjIgGtJDt9HvoGRI2DHXkix3:K25AjIXtfZT5DHXNx3

Entry address:
0x57332

Entry point:
E8, 94, F1, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 0D, F2, 00, 00, 83, C4, 14, 5D, C3, FF, 35, 3C, 33, 4B, 00, E8, A9, 4C, 00, 00, 59, 85, C0, 74, 02, FF, D0, 6A, 19, E8, 62, AE, 00, 00, 6A, 01, 6A, 00, E8, 0C, F5, 00, 00, 83, C4, 0C, E9, ED, F3, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 66, 8B, 08, 40, 40, 66, 85, C9, 75, F6, 2B, 45, 08, D1, F8, 48, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 55, 08, 53, 56, 57, 33, FF, 3B, D7, 74, 07, 8B, 5D, 0C, 3B...
 

Entropy:
6.7252

Code size:
482 KB (493,568 bytes)
