» Setup.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

Setup.exe

PerforMax Cleaner

One Bit It co

The application Setup.exe by One Bit It co has been detected as a potentially unwanted program by 4 anti-malware scanners. This is the uninstaller utility registered in the Windows Control Panel for the program PerforMax Cleaner by OneBit IT. This file is typically installed with the program PerforMax Cleaner by OneBit IT.

File name:

Setup.exe

Publisher:

OneBit IT (signed by One Bit It co)

Product:

PerforMax Cleaner

Version:

1.0.0.0

MD5:

6ce8a11fd2ce6f471fdaa35550f10bd6

SHA-1:

02cd0274c4e2ffb4243f61a43f5e8cbffb60d631

SHA-256:

947e7db27413ba8e8edeab6184edef1e1da8fb51f7ca095ab202ff2b1355e33e

Scanner detections:

4 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 5:49:37 AM UTC (today)

Scan engine

Detection

Engine version

G Data

Win32.Malware.FakeCleaner

15.2.25

Reason Heuristics

PUP.Optional.Installer

15.2.9.12

Trend Micro House Call

TROJ_FAKEAV.BMC

7.2.40

Trend Micro

TROJ_FAKEAV.BMC

10.465.09

File size:

466.2 KB (477,344 bytes)

Product version:

1.0.0.0

Original file name:

Setup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\ProgramData\application data\package cache\{cb0a81ab-dc10-4156-b20b-f94c2ca9915a}\setup.exe

Digital Signature

Signed by:

One Bit It co

Authority:

GoDaddy.com, Inc.

Valid from:

1/17/2014 10:37:02 AM

Valid to:

1/17/2015 10:37:02 AM

Subject:

CN=One Bit It co, O=One Bit It co, L=Weston, S=Florida, C=US

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

03F43624A250D9

File PE Metadata

Compilation timestamp:

11/28/2013 8:14:28 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:uU2KwxSHQ3CaCAfpJ8xoxAntdhXDyXhXuGMvaDghHa3I/E9WC9KMEBuxxb:LrwQwDfT8qx+lXvbaghKbW6FJ

Entry address:

0x267A5

Entry point:

E8, C9, 39, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, D0, 60, 45, 00, 75, 02, F3, C3, E9, C4, 40, 00, 00, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 44, 7C, 45, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 80, 61, 45, 00, 01, 0F, 82, 79, 41, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B... 
[+]

Entropy:

6.9683

Code size:

229.5 KB (235,008 bytes)

Program Uninstaller

Program name:

PerforMax Cleaner

Display publisher:

OneBit IT

Display version:

1.0.0.0

Uninstall string:

"C:\ProgramData\Package Cache\{cb0a81ab-dc10-4156-b20b-f94c2ca9915a}\Setup.exe" /uninstall

The file Setup.exe has been discovered within the following program.

PerforMax Cleaner by OneBit IT

The software is distributed through ClientConnect download managers.

www.onebitit.com/products/performax-cleaner-remove-tracking-files-and-optimize-computer

49% remove it

Remove Setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.