popitvsetuptr.exe

Setup Factory Runtime

Dey yazilim ve internet hizmetleri san. tic. ltd. sti.

The application popitvsetuptr.exe, “Setup Application” by Dey yazilim ve internet hizmetleri san. tic. ltd. sti., has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built with the Setup Factory installer. The file has been seen being downloaded from 205.196.123.81.
Product:
Setup Factory Runtime

Description:
Setup Application

Version:
9.1.0.0

MD5:
89e50f8ddca1df5bae35688db9e484cc

SHA-1:
f382e53a7dc89895d7a65b2b89963a8001387576

SHA-256:
3320adf7f908a26f70f83e714d76d93a21aa07454651e700fc1c3bf35bea9c17

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Analysis date:
4/19/2024 9:58:36 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonitize.Deyyazil.Installer (M)

Engine version:
16.6.21.21

File size:
2.9 MB (3,007,744 bytes)

Product version:
9.1.0.0

Copyright:
Setup Engine Copyright © 2004-2012 Indigo Rose Corporation

Trademarks:
Setup Factory is a trademark of Indigo Rose Corporation.

Original file name:
suf_launch.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\downloads\popitvsetuptr.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/26/2013 2:00:00 AM

Valid to:
2/27/2014 1:59:59 AM

Subject:
CN=Dey yazilim ve internet hizmetleri san. tic. ltd. sti., O=Dey yazilim ve internet hizmetleri san. tic. ltd. sti., STREET=kuloglu mah alyon gecidi sok, STREET=beyoglu, L=istanbul, S=istanbul, PostalCode=34433, C=TR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AA9B511464EAA0A58485815A3C6628FC

File PE Metadata
Compilation timestamp:
6/14/2012 7:16:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:PShySkASzCNzcvi57bxUxw2d6uIccchq7xGLF8VpYavgp/R61eb3MtVKGLz:qqBQzcahitd6uxcc6xGLAvgp/Q1eb8tl

Entry address:
0x29E1

Entry point:
E8, A6, 1D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 56, 57, 33, F6, BF, C8, AB, 40, 00, 83, 3C, F5, 54, A0, 40, 00, 01, 75, 1D, 8D, 04, F5, 50, A0, 40, 00, 89, 38, 68, A0, 0F, 00, 00, FF, 30, 83, C7, 18, FF, 15, C0, 70, 40, 00, 85, C0, 74, 0C, 46, 83, FE, 24, 7C, D3, 33, C0, 40, 5F, 5E, C3, 83, 24, F5, 50, A0, 40, 00, 00, 33, C0, EB, F1, 8B, FF, 53, 8B, 1D, C4, 70, 40, 00, 56, BE, 50, A0, 40, 00, 57, 8B, 3E, 85, FF, 74, 13, 83, 7E, 04, 01, 74, 0D, 57, FF, D3, 57, E8, 18, FD, FF, FF, 83, 26, 00, 59, 83, C6, 08...

Code size:
22 KB (22,528 bytes)

The file popitvsetuptr.exe has been seen being distributed by the following URL.

http://205.196.123.81/hbctcl30wlrg/.../PopiTVsetupTR.exe

Remove popitvsetuptr.exe - Powered by Reason Core Security