powerisosetup-2508118-tfsb.exe

Trusted Software Aps

The application powerisosetup-2508118-tfsb.exe by Trusted Software Aps has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the BundleInstaller installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. It is also typically executed from an Internet Explorer cache folder.
Publisher:
Trusted Software Aps  (signed and verified)

MD5:
59400692131e26266cd6a241990e34ce

SHA-1:
90523965cfda26c4d90160f510d440dce8fc629e

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/27/2024 12:12:48 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Trojan.Injected | 7.1.1 |
| Avira AntiVirus | | 7.11.138.118 |
| avast! | Win32:Malware-gen | 2014.9-140707 |
| AVG | MalSign.Trusops | 2015.0.3501 |
| Comodo Security | Application.Win32.InstallCore.BWAM | 17978 |
| Dr.Web | Trojan.Packed.25266 | 9.0.1.0108 |
| ESET NOD32 | Win32/Injected | 8.9578 |
| Fortinet FortiGate | W32/Injected.I!tr | 7/7/2014 |
| K7 AntiVirus | Unwanted-Program | 13.176.11806 |
| Malwarebytes | PUP.Optional.Bundle | v2014.04.18.03 |
| McAfee | Artemis!B734FB2D44D6 | 5600.7077 |
| Qihoo 360 Security | Win32/Virus.Adware.94c | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.TrustedSoftwareAps.AA | 14.8.8.1 |
| Sophos | Generic PUA MB | 4.98 |
| VIPRE Antivirus | Adware.Win32.InstallCore.ba | 27660 |

File size:
610.2 KB (624,816 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
BundleInstaller (using Inno Setup)

Language:
Language Neutral

Common path:
C:\documents and settings\valued customer\temporary internet files\content.ie5\{random}\powerisosetup-2508118-tfsb.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/6/2013 5:00:00 PM

Valid to:
11/6/2016 4:59:59 PM

Subject:
CN=Trusted Software Aps, O=Trusted Software Aps, STREET=Bysoestrade 2B st., L=Holbaek, S=DK, PostalCode=4300, C=DK

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DC2E7F902B196FB43F6CBF38ADF41AE8

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:dnvpgkD75uP3PfX8OJm3mAWsLVJvH1wpku8P72k+TMwiA9RlwRbBgukutv:dnvmkD7wP/fb8WAWo5v3WTMwimRlwRbH

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.8540

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)
