irsetup.exe

Setup Factory Runtime

MicroSmarts LLC

The application irsetup.exe, “Setup Application” by MicroSmarts, has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the Setup Factory installer. This is the uninstaller utility registered in the Windows Control Panel for the program SpeeditupFree by MicroSmarts LLC. This version of the installer bundles a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension. It is also typically executed from the user's temporary directory.
Publisher:
Indigo Rose Corporation  (signed by MicroSmarts LLC)

Product:
Setup Factory Runtime

Description:
Setup Application

Version:
9.2.0.0

MD5:
32be2e0f701fee035031a8e97999841f

SHA-1:
0ceead37e3f0469a02163126503911340b5b77d8

SHA-256:
337c0671e80d4103e4d3bb19877f37351a5475646161882d9a5f84387d0a4af9

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
Bundles the Mindspark (MyWebSearch/Ask) toolbar, a web browser extension that will modify a user's search and home pages.

Analysis date:
4/19/2024 12:35:56 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Mindspark-A [PUP] | 2014.9-151123
AVG | Micros | 2016.0.2917
Baidu Antivirus | Adware.Win32.MyWebSearch | 4.0.3.151123
F-Secure | Gen:Variant.Adware.Netfilter | 11.2015-23-11_2
Panda Antivirus | Adware/WebSearch | 15.11.23.06
Reason Heuristics | PUP.MicroSmarts.Installer (M) | 15.11.23.6
Trend Micro House Call | Suspicious_GEN.F47V0620 | 7.2.327
VIPRE Antivirus | 30940

File size:
1.3 MB (1,350,672 bytes)

Product version:
9.2.0.0

Copyright:
Runtime Engine Copyright © 2013 Indigo Rose Corporation (www.indigorose.com)

Trademarks:
Setup Factory is a trademark of Indigo Rose Corporation

Original file name:
suf_rt.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\irsetup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/30/2014 11:00:00 AM

Valid to:
3/1/2016 10:59:59 AM

Subject:
CN=MicroSmarts LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=MicroSmarts LLC, L=Matteson, S=Illinois, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
727818EF39063758ECCB0D8BFF50F53F

File PE Metadata
Compilation timestamp:
8/28/2013 4:43:38 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:M3BrELwtW5a1bTFQE+m/OHe72CmAD/XWsQRs9fTSO7OwHmPWce6Nsd:KR2X6pymME2HAD/W5Rsleo+PWceaS

Entry address:
0x3C40A0

Entry point:
60, BE, 00, 40, 68, 00, 8D, BE, 00, D0, D7, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Entropy:
7.9209

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
1.3 MB (1,314,816 bytes)

Program Uninstaller
Program name:
SpeeditupFree

Display publisher:
MicroSmarts LLC

Display version:
10.93

Uninstall string:
"C:\Windows\SpeedItup Free\uninstall.exe" "/U:C:\Program Files (x86)\SpeedItup Free\irunin.xml"

