» setup-remove-ads.exe
Overview
Analysis
File Details
Downloads (19)

setup-remove-ads.exe

RemoveAds

Major Share (MajorShare.com)

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.

File name:

Publisher:

Major Share (MajorShare.com)

Product:

RemoveAds

Description:

RemoveAds Setup

MD5:

14ead9db2334b969797789a5d9784dbc

SHA-1:

fd1b8d5d6529e2d1c3fa98af9c30de0fa498f353

SHA-256:

9bd62d595e7830a830c2dfdd3834a887b53958e1086d29438f0be54e1082ec34

Scanner detections:

2 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/19/2024 8:38:51 PM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Adware.Win32.DownWare

4.0.3.14108

ESET NOD32

Win32/DownWare

8.10480

File size:

428.6 KB (438,864 bytes)

Product version:

1.4

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

File PE Metadata

Compilation timestamp:

6/20/1992 6:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:1nvpy4L8+iDNdRNanL8tubigu7tt6l2ErhO01SCm:1nvYk8Dd7cY0ugux2TrhbICm

Entry address:

0x9C40

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE... 
[+]

Entropy:

7.9261

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

The file setup-remove-ads.exe has been seen being distributed by the following 19 URLs.

http://gsf-cf.softonic.com/fd1/b8d/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3348771&instance=softonic_en&type=PROGRAM&Expires=1476670027&Signature=E7LP7ZBjtE2Tcyp~4hKfHc2vgv4L5A6FMEjNgG9fOZlPlbyF59dLlK2iBDLzHXlBISOsCAZ2dBIsfMKXfNTOnM7UDzMKc4NAIIaJ54exgG-lm-K4~kK6TRRzXMp-4-7U5M87QeWzVvhNMIhwaz5LiGoqbTeGUuOCI0VVC~M0HhE_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=setup-remove-ads.exe

http://gsf-cf.softonic.com/fd1/b8d/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3348771&instance=softonic_en&type=PROGRAM&Expires=1478245386&Signature=FGvzkQ8eecnLcyBnC8VF68tLXKbjxkBlpivVZdDv4MvTMoY5NnofSJiumDGq692rIglqR8I4m7zqIeZsO3NzKXPgN2EHRXLyWgm~br4looF19kgaTmKl7Kpw3xfBylcaxhTWZhTJDJcbUToq2mAvWVSfrUUb4O2u5Enb5dzhGcI_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=setup-remove-ads.exe

http://gsf-cf.softonic.com/fd1/b8d/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3348771&instance=softonic_en&type=PROGRAM&Expires=1479509179&Signature=iXPkApWgEYf1V532aL7TnYF-Z--dYG3ZX1k1bPUpTzXs9WPATYeRv0PeLlkdN6luOAi~FKK6p-hVMBVLN3~IDDOg7UgG~LhscgSCW3VsUFkxJ6GYAcpPKPw3htZTixYvbJMZmO~cj4ObzH7rh5e6HVv-lATO17BO3bTIWT5Qn78_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=setup-remove-ads.exe

http://gsf-cf.softonic.com/fd1/b8d/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3348771&instance=softonic_en&type=PROGRAM&Expires=1428279352&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=PHvfEPnFmqCDIeRXtj7nvXh-YE-D4Uxf6e5t2ck3jB0VJ2L0gXkxFfcuB7RdPWvZ1FVZ11~pUFxjWqLfca2y~MTVi0NOyHHd7o19OY9EiKecHtQ6T5gGbrgTSw4zsgccYyVgThKNae3v1GE3Az6r09qHVRLDJ61FMHIJyUCSTDE_&filename=setup-remove-ads.exe

http://gsf-cf.softonic.com/fd1/b8d/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3348771&instance=softonic_br&type=PROGRAM&Expires=1429854079&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=Ez~XedSYpFNlYwCGLYcwQCA1OKpFxMEReAjvZ5H4m5U7GjuFzVHE7YMAAs5ibpzxtk~-PHSFnhlBJRYxzPyao02tl5p~h~5wOprSg8TAEHyAyaX9vdwl1DKcbT0~d4unmNhuXWViO~hAY~VSpeyrx6RocDPrd1XFy7Ao9i0nmWY_&filename=setup-remove-ads.exe

http://gsf-cf.softonic.com/fd1/b8d/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3348771&instance=softonic_en&type=PROGRAM&Expires=1442185314&Signature=U7PRZhdtWYtNyeohePcUHxTTDTaG2oNU4FvyVJoKWP5Z7Ejx~RDa~5AIQKilsfMItRP0vk7wEmyE5SDOatU7-AK36YJgengMQGcDhCgTm0HLAG0jLzFgn324E~3cxzyoI1gNY0U1SgutNSvqfOaMLnWIz~19ZhwXYG8-72dBXcY_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=setup-remove-ads.exe

http://gsf-cf.softonic.com/fd1/b8d/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3348771&instance=softonic_en&type=PROGRAM&Expires=1448150126&Signature=b2UJ8aXyMlrJUy17t5kbJoGpZkLq1-JIT6ADA0KFGIz6LTX2IJlRUCY-lZIcKp4~S3UMSBWLpUvSE7YdGngySniyybLn8GhEp4CL9fV485MNYNViKjAA3vsTEpaUVX4okHy5~36yap-m31I3rn8YDqOjWXirX4VnqN07w5ObkmM_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=setup-remove-ads.exe

http://gsf-cf.softonic.com/fd1/b8d/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3348771&instance=softonic_br&type=PROGRAM&Expires=1438854354&Signature=ETydShYEVW0AYn4Vjk4xwglW~KVOeP~p3RELe~QGvBZeid4PvrZdAGMrOoZSalf20gA-CRuQbAOMqNDn7fQtdsxmyPk9TiJk9oNtgHix1y5VJ4gMZMOx3~jGz6cjI8adu0UneOpZQeHwzOrX4GA34qBE6~GZX088OKd8AcclBT4_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=setup-remove-ads.exe

http://gsf-cf.softonic.com/fd1/b8d/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3348771&instance=softonic_en&type=PROGRAM&Expires=1437278517&Signature=DNmzpabC8Oyipifp~11NQAG6YRunKhtG483WGed8gRo0v3GnGJQupQ6REdnUdjNrqWZMujL66~wY2xcklfLkgHaErVVg3T7sZebK4gxdjjvpUuFhaYMz1P0UEOrQqj-G-6o22QeqBGGkgdHmC7BdhLgq4uezoxtO12B0dDwTJpQ_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=setup-remove-ads.exe

http://gsf-cf.softonic.com/fd1/b8d/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3348771&instance=softonic_en&type=PROGRAM&Expires=1442125341&Signature=Q7zLfSFo-yYv6LNFr0yHJocGzac2-XIgtw-dgJHDz-yeEsFUVYCirfmEeZMAX3tdjy8m~SHqkhfimzruIWxEWeboBvC1h8NLXM~sPJQF0mBYLLOID06owImB-7DdhvyeeFw4z8OtSNbPmt3P~xBgYwhclHXBNq0zJq~gpXogexM_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=setup-remove-ads.exe

http://gsf-cf.softonic.com/fd1/b8d/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3348771&instance=softonic_en&type=PROGRAM&Expires=1446422382&Signature=VVcn4~cndQCnX0zlkHmf5K6XUxbuuR2cv2TAFhY4Deb~VPvXVQ~RbijAkzak-VfBfUwPaaB-JH5hSQTXT5KGW16z3Af6vLd1xr~YnlSwMJTZGhsR50q36bcYwbGLFlLjS0hYY1J7qiidNw3kFmha6~P5YJhHGehPLGdsXuiVjG0_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=setup-remove-ads.exe

http://s1.majorshare.com/.../setup-remove-ads.exe

http://gsf-cf.softonic.com/fd1/b8d/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3348771&instance=softonic_en&type=PROGRAM&Expires=1441465890&Signature=KzMqKutHhgSQwUbT4RlMIhVXogd4YJ78ez6x1854KwG6Xnc4ZjqP3PS4LmBcjsskT9rgMSElAQz~NcA9nOE1j1RiZeXFLVmfsEYjJxwqla61LyExQP4dCZbJVIl0x7LIMyn2LcTsfVVNo5MpWkmXe79RfowPUu4XD6AgWA7BX70_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=setup-remove-ads.exe

http://gsf-cf.softonic.com/fd1/b8d/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3348771&instance=softonic_en&type=PROGRAM&Expires=1444767654&Signature=LJHV0rLCdRcYcZ1iBBSC7d25aJOF1WZh1p-uQ4ERQ-SecsGRsXl~jWHB-HmNyJfteu98qk8IU17MeGWk~38k-ALk7fkc1EtGlHTdFcgaW3po4EvPD88xhYoHoUOwG2m56XI1n~go7iFjFNhToAn3p8M0M2Uhv2gfDzV~1745mOE_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=setup-remove-ads.exe

http://gsf-cf.softonic.com/fd1/b8d/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3348771&instance=softonic_en&type=PROGRAM&Expires=1454816885&Signature=W1NzeSfrNqaXlRm9O6naNMk7nuKCEka~6kg3~kPTN0nTYMyu-kHI41IlLJlSeuGbDWOQ549wmac6L5uid7QDX7yaz5YTWuu7B-461QQmuAOIIDzXb4O8XLWUbVmEfAvf8U~wR-xQLicJ9yMLODQtmi-YvvCMZjwlpEdf5Uk~aik_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=setup-remove-ads.exe

http://gsf-cf.softonic.com/fd1/b8d/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3348771&instance=softonic_en&type=PROGRAM&Expires=1428410644&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=D6XhWC37QDCRVy1vuPZOX5HV1INQoODgPIJPkZsfQrsBCvyhr2IMDNvmGsV5893AzmL~7Kx7lCeDBQS5oBW7uRksOuJWtUbFN7P-MYyIPVVAymtNV7M~BLWMCK4pXSYHFkXGhcnZ5d-RgegDSTUOYJxjOqopRyp0ddpVe-FzGzI_&filename=setup-remove-ads.exe

http://global-shared-files-lw.softonic.com/fd1/b8d/.../setup-remove-ads.exe

http://gsf-cf.softonic.com/fd1/b8d/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3348771&instance=softonic_en&type=PROGRAM&Expires=1426396070&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=SFj7RqnCYK5oKw7GHottxbG~6qXDc-K7tf1Ykbr~bMgMB8BnNeETSCbxurfmrnWwonwisg~nkIUxs06bmZ-sdpLP3FbJkXM59IEJIXNDmwqBrnnBCstO6CKy39UelvCy7qUjuSzQqNY-hOdGSyalz7QJGWGtkPGc6OA6CCOmkeA_&filename=setup-remove-ads.exe

http://gsf-cf.softonic.com/fd1/b8d/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3348771&instance=softonic_en&type=PROGRAM&Expires=1423273572&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=glnFSp1OPiPhlTnoEk7WwX05u~qQZ~AiRoVXhJI-3yVncfrh0WTYi3N~fgEX7MvL4cbdT5dHS0QnXq9OAaPZoZLkHM3kdzkZ7upUERtjJvuU~fXsf6JkXlJrrIdkRT-~5USXlrzl-KyKXu7Sd9-bn~UvP~5CQ8369MvOjZHFW4I_&filename=setup-remove-ads.exe

Scan setup-remove-ads.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.