javasetup.exe

Tacitolen

ConnectorBeam (New Media Holdings Ltd.)

The application javasetup.exe, “Tacitolen Setup” by ConnectorBeam (New Media Holdings Ltd.), has been detected as adware by 1 of 68 anti-malware scanners (Reason's own heuristics), with very strong indications that the file is a potential threat. The program is a setup application built with the installCore installer. Users running it expect to download the free Oracle Java Runtime, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
ConnectorBeam (New Media Holdings Ltd.)
Product:
Tacitolen

Description:
Tacitolen Setup

MD5:
1a5937e103d8c564cb2278df34c59eef

SHA-1:
ddbca0e6772b556ee3777a4b6cec84ad26f1a80f

SHA-256:
cee75fd1b63add8f747a30478705208ea9f4c24e2c5ab4677e065e9621830bd0

Scanner detections:
1 / 68

Status:
Adware

Note:
None of the third-party anti-malware engines in our current pool detects this file; the single detection listed on this page comes from our own heuristics, on the basis of which we consider the file unwanted.

Description:
This is also known as bundleware or downloadware: a downloader whose only purpose is to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
5/13/2024 7:51:18 PM UTC

Scan engine          Detection               Engine version
Reason Heuristics    PUP.NewMedia.NMH (M)    17.3.15.11

File size:
1.2 MB (1,250,456 bytes)

Product version:
5.7

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\javasetup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/15/2016 7:11:14 AM

Valid to:
5/23/2017 9:32:04 AM

Subject:
CN=ConnectorBeam (New Media Holdings Ltd.), O=ConnectorBeam (New Media Holdings Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11212D71259ED669D28D6D8FBB7A7C0C6F79

File PE Metadata
Compilation timestamp:
6/19/1992 4:22:17 PM (this is the fixed TimeDateStamp 0x2A425E19, 1992-06-19 22:22:17 UTC, that the Borland/Delphi linker behind Inno Setup writes into every binary, rendered here in local time; it is not the real build date)

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Entropy:
7.9840

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)
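The hashes and PE fields above can be re-derived from a copy of the file with a few lines of Python. The script below is an added example written for this page, not a tool from Reason Core Security or from the sample's publisher. It recomputes MD5/SHA-1/SHA-256 and compares them with the values listed above, reads IMAGE_FILE_HEADER.TimeDateStamp and flags the fixed Borland/Delphi linker constant 0x2A425E19 (the 1992 date shown above) so it is not mistaken for a build date, maps AddressOfEntryPoint through the section table to compare the first entry-point bytes with the page's listing, and computes Shannon entropy (the 7.98 above is typical of a compressed Inno Setup payload and is not by itself proof of malice). The minimal PE image built by build_demo_pe() is constructed for an offline run and is not javasetup.exe; pass a path argument to triage a real file.

```python
"""Offline triage helper for the indicators listed on this page.

Added example, not tooling from Reason Core Security or the sample's
publisher.  build_demo_pe() returns a constructed minimal PE32 image so
the script runs without the real file; it is NOT javasetup.exe.
"""
import hashlib
import math
import struct
import sys
from datetime import datetime, timezone

# Indicators copied from the page for this sample.
PAGE_MD5 = "1a5937e103d8c564cb2278df34c59eef"
PAGE_SHA1 = "ddbca0e6772b556ee3777a4b6cec84ad26f1a80f"
PAGE_SHA256 = "cee75fd1b63add8f747a30478705208ea9f4c24e2c5ab4677e065e9621830bd0"
PAGE_ENTRY_PREFIX = bytes.fromhex("558BEC83C4C4535657")  # 55 8B EC 83 C4 C4 53 56 57

# Fixed TimeDateStamp written by the Borland/Delphi linker used by Inno Setup:
# 0x2A425E19 == 1992-06-19 22:22:17 UTC.  It is not a real build time.
DELPHI_LINKER_STAMP = 0x2A425E19


def hashes(data: bytes) -> dict:
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def matches_page_hashes(data: bytes) -> bool:
    h = hashes(data)
    return (h["md5"], h["sha1"], h["sha256"]) == (PAGE_MD5, PAGE_SHA1, PAGE_SHA256)


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte, 0.0 .. 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_header_offset(data: bytes) -> int:
    """Return the offset of the 'PE\\0\\0' signature (e_lfanew)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return e_lfanew


def pe_timestamp(data: bytes) -> int:
    pe = pe_header_offset(data)
    (stamp,) = struct.unpack_from("<I", data, pe + 8)  # IMAGE_FILE_HEADER.TimeDateStamp
    return stamp


def timestamp_to_utc(stamp: int) -> str:
    return datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")


def entry_point_bytes(data: bytes, n: int = 9) -> bytes:
    """Map AddressOfEntryPoint (an RVA) to a file offset via the section table."""
    pe = pe_header_offset(data)
    (num_sections,) = struct.unpack_from("<H", data, pe + 6)     # FileHeader.NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe + 20)        # FileHeader.SizeOfOptionalHeader
    (entry_rva,) = struct.unpack_from("<I", data, pe + 24 + 16)  # OptionalHeader.AddressOfEntryPoint
    first_section = pe + 24 + opt_size
    for i in range(num_sections):
        off = first_section + 40 * i
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            file_off = rawptr + (entry_rva - vaddr)
            return data[file_off:file_off + n]
    raise ValueError("entry point RVA not inside any section")


def triage(data: bytes) -> dict:
    stamp = pe_timestamp(data)
    ent = shannon_entropy(data)
    return {"hashes_match_page": matches_page_hashes(data),
            "timestamp": timestamp_to_utc(stamp),
            "delphi_linker_stamp": stamp == DELPHI_LINKER_STAMP,
            "entry_prefix_matches_page": entry_point_bytes(data, len(PAGE_ENTRY_PREFIX)) == PAGE_ENTRY_PREFIX,
            "entropy": round(ent, 4),
            "looks_packed": ent > 7.0}


def build_demo_pe() -> bytes:
    """Constructed minimal PE32 image (NOT the real sample) for an offline run."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                    # e_lfanew
    pe = 0x40
    img[pe:pe + 4] = b"PE\0\0"
    struct.pack_into("<HH", img, pe + 4, 0x14C, 1)             # Machine i386, 1 section
    struct.pack_into("<I", img, pe + 8, DELPHI_LINKER_STAMP)   # TimeDateStamp
    struct.pack_into("<H", img, pe + 20, 0xE0)                 # SizeOfOptionalHeader (PE32)
    struct.pack_into("<H", img, pe + 24, 0x10B)                # Magic PE32
    struct.pack_into("<I", img, pe + 24 + 16, 0x1000)          # AddressOfEntryPoint
    sect = pe + 24 + 0xE0
    img[sect:sect + 8] = b"CODE\0\0\0\0"
    struct.pack_into("<IIII", img, sect + 8, 0x200, 0x1000, 0x200, 0x200)  # vsize, vaddr, rawsize, rawptr
    img[0x200:0x200 + len(PAGE_ENTRY_PREFIX)] = PAGE_ENTRY_PREFIX
    return bytes(img)


if __name__ == "__main__":
    sample = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_demo_pe()
    for key, value in triage(sample).items():
        print(f"{key:28} {value}")
```

Run it as `python triage.py javasetup.exe` against a quarantined copy; with no argument it runs on the constructed image, for which only the timestamp and entry-prefix checks match. A hash mismatch against a file that otherwise looks identical just means a different build of the same installCore dropper, which is why the timestamp and entry-point checks are kept alongside the hashes.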

The file javasetup.exe has been seen being distributed by the following URL.

http://www.flashbundlesfactory.com/lyhf0WMQZE7B2dKfbxWAIZxR9ru11wALexI90_D5Uv1bi8GAGkxOsuVwCPNtejbKxY9pnXiwejqcoRQPZqVFimcz4rBn3jIDBoanAQwFQbk0nCLRoONPOyBVb2MHCJRe1RUHqvopfYUsi5Ew8VWvmXSby5HBvjfQEbekxZ_R xjmoYEtau56VaYblC5pOqP1lDQ1Vu1x1DITN5KsMRS4TSFBCCcZkKmG6osHV Nspk9CWb0OdBk4F_ufsSpImpXOzcf2HFSpDiGc k8uSTJZ5eYfzIVX0F5tyirdWh6PeDFrxAA8iEsQxX8rQ37Q8koG2WBCC7fffpVvXEXYU0_8jWSHQ69WDtLMq81Lpqjy7k7I1CW 10H_eepyG_pMTA4N2TZ7CAPljNN7tchdHsLgAcRzO7lhhM9f3nQMwKQ9twjHe1xAt0uwHuKaxi2uyuIBi0OQwG8IUKsEfuBy3bYVujG4x3ESNTmETAOERb37h2ulvutbVIYI4yscJqn0R_074pXoz GW2nZ5f92HviVGBnDAxkyD72Wjb6Uwj5b M_oxfoIjIbnmaUsvenjOZsYerU4X5o5xm0htebpnciVD8ZZm_UwAm0TfZY7Vu Z_RgPbXouUPVcvXc8pP1m4dZG5Hl475MtixmPjxFoT4NJB YpaQMIy4E9qqdlhpR_m YokZ7aoAenghwA0IOTVZRriFD6BjiYeJnEphvRgWa0qji4Oc3fU6S1IghkBgXxMSRAQHyJmip1UDlzzfAi9zt6zqNWr8CGryO17trdT4f_3yjqI_xy8bHmR1uU5UsAUseuzJxbqVEIvCKzPnigySklOWjy IjcKc8jp257BBHkpypYHCEx6uIurWx_QAuDwQwoeJlDhaAS6kLpzfeJzHDSedekERgISFfklb8iDqb66cu68Q8NYYA==-GzUAAORtm0vBUfhuqMOwiEKKuhCBClpIbmBK

Remove javasetup.exe - Powered by Reason Core Security