gamessetup.exe

Games Toolbar Powered by Inbox

Xacti

The application gamessetup.exe, “Games Toolbar Powered by Inbox Setup” by Xacti, has been detected as a potentially unwanted program by 18 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from toolbar.inbox.com.
Publisher:
Xacti, LLC   (signed by Xacti)

Product:
Games Toolbar Powered by Inbox

Description:
Games Toolbar Powered by Inbox Setup

Version:
2.0.1.117

MD5:
f5d3148a44798b68a816237f6d381878

SHA-1:
929ed181c8d29e554b42fbe2533c0c3a8c90efcd

SHA-256:
76d291d858dd562a26be4cd69b178be8f824208e76d9c0de8f86054786e33b4c

Scanner detections:
18 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 3:20:14 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.Toolbar.MusIn | 7.1.1
Avira AntiVirus | Adware/Agent.2486912 | 7.11.213.62
AVG | Adware Agent | 2017.0.2856
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Adware.PCFixSpeed | 0.98/19360
Comodo Security | Application.Win32.Inbox.E | 19165
Dr.Web | Adware.Downware.9458 | 9.0.1.023
ESET NOD32 | Win32/Toolbar.Inbox.L potentially unwanted application | 10.7.0.302.0
F-Secure | Riskware.Gen:Variant.Application.Bundler | 11.2016-23-01_7
G Data | Win32.Application.ToolbarCrawler | 16.1.25
IKARUS anti.virus | PUA.Toolbar | t3scan.1.6.1.0
K7 AntiVirus | Adware | 13.183.13358
Kaspersky | not-a-virus:HEUR:WebToolbar.Win32.Generic | 14.0.0.774
Malwarebytes | PUP.Optional.ToolBarInstaller | v2016.01.23.05
NANO AntiVirus | Riskware.Win32.Toolbar.dqlgsc | 0.30.20.1219
Qihoo 360 Security | HEUR/QVM05.1.Malware.Gen | 1.0.0.1077
Reason Heuristics | Win32.Generic | 16.1.23.5
VIPRE Antivirus | Threat.4150696 | 32210

File size:
2.4 MB (2,484,328 bytes)

Product version:
2.0.1.117

Copyright:
copyright © Inbox.com

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\gamessetup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/29/2013 1:00:00 AM

Valid to:
9/19/2015 12:59:59 AM

Subject:
CN=Xacti, O=Xacti, L=Boca Raton, S=Florida, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
723180E2A807DDA0F77264108931DA53

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:c6VmoEjY+XQdJAzzAYgeHy5Rez5ftMQb+reyafNnl4IX0sebA5rOYiZna:c6Vm/UHW3zNAReNfaQb+k1uIXNebSivQ

Entry address:
0xC1C0

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, C8, C0, 40, 00, E8, 60, 86, FF, FF, 33, C0, 55, 68, 85, C8, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 41, C8, 40, 00, 64, FF, 32, 64, 89, 22, A1, 60, E6, 40, 00, E8, 5E, FD, FF, FF, E8, C9, F8, FF, FF, 8D, 55, EC, 33, C0, E8, 93, CA, FF, FF, 8B, 55, EC, B8, 8C, F0, 40, 00, E8, 0A, 77, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 8C, F0, 40, 00, B2, 01...

Entropy:
7.9941

Developed / compiled with:
Microsoft Visual C++

Code size:
46.5 KB (47,616 bytes)

The file gamessetup.exe has been seen being distributed by the following URL.
