irsetup.exe

Setup Factory Runtime

Acoustica, Inc

The application irsetup.exe, “Setup Application” by Acoustica, Inc, has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the Setup Factory installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.

Publisher:
Indigo Rose Corporation (signed by Acoustica, Inc)

Product:
Setup Factory Runtime

Description:
Setup Application

Version:
9.3.1.0

MD5:
17575e0c0747b26a23216a84043cccae

SHA-1:
faab8c658f8ab1ea376a08d821d0cdbbc6ea1fb6

SHA-256:
248621902d5db3fc6e90a97e687e36d310504b033dc8c0d809d7b019976668d9

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
10/24/2017 5:07:24 AM UTC

Scan engine | Detection | Engine version
Antiy Labs AVL | Trojan/Win32.KillAV | 1.0.0.1
avast! | Win32:Mindspark-A [PUP] | 2014.9-150716
AVG | Zango | 2016.0.3046
F-Secure | Riskware.MemScan:Application.Bundler.Outbrowse | 11.2015-16-07_5
herdProtect (fuzzy) | | 2015.7.16.22
Kingsoft AntiVirus | Win32.Troj.Undef.(kcloud) | 331020.49267
Trend Micro House Call | TROJ_GEN.F47V1001 | 7.2.197

File size:
1.3 MB (1,351,520 bytes)

Product version:
9.3.1.0

Copyright:
Runtime Engine Copyright © 2014 Indigo Rose Corporation (www.indigorose.com)

Trademarks:
Setup Factory is a trademark of Indigo Rose Corporation

Original file name:
suf_rt.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\irsetup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/30/2012 8:00:00 PM

Valid to:
10/7/2015 7:59:59 PM

Subject:
CN="Acoustica, Inc", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Acoustica, Inc", L=Oakhurst, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
481BA03A5812854973889856C74E00D3

File PE Metadata
Compilation timestamp:
6/18/2014 1:44:38 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:Si99lUn1YE1XpSogalfKQjUQjZEKKhnPAXt8aMHGdkkh3QYtkbxOqXz/DTfxsALs:F99un1YE10ogOfRuKKhnoSaRkklQY2fE

Entry address:
0x3C5500

Entry point:
60, BE, 00, 50, 68, 00, 8D, BE, 00, C0, D7, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Entropy:
7.9209

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
1.3 MB (1,314,816 bytes)
