» setup.exe
Overview
Analysis
File Details
Downloads (1)

setup.exe

Western Web Applications, LLC

The software will display additional offers (such as adware) during installation including a browser toolbar/extension as well as advertising injection software (part of the Injekt brand). The application setup.exe by Western Web Applications has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from dl.safemonitorapp.com.

File name:

setup.exe

Publisher:

Western Web Applications, LLC (signed and verified)

MD5:

602efbf4293f6041d607c73c9f9728d0

SHA-1:

0549ad9c0a34900df59002799730d2ab8fb8cc60

SHA-256:

528029a1bc39b4305f7325459d84d4b23f9ba6df76c58dac1515e98d4de52621

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:

4/27/2024 1:18:24 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Injekt (M)

16.10.31.17

File size:

1.5 MB (1,625,216 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\setup.exe

Digital Signature

Signed by:

Western Web Applications, LLC

Authority:

COMODO CA Limited

Valid from:

5/23/2013 8:00:00 PM

Valid to:

5/24/2014 7:59:59 PM

Subject:

CN="Western Web Applications, LLC", O="Western Web Applications, LLC", STREET=640 E Grand Ave, STREET=Suite 129, L=Carlsbad, S=CA, PostalCode=92008, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

2A1B337726D509D16C17362E2E625DE9

File PE Metadata

Compilation timestamp:

6/6/2009 5:41:59 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:PTz7XEgtVT8slOPQZNb7hge0RNI8xzHs/W4I5PRC/Rodslrvci0+GMK+:34gLT8sMPQpZMWizH54OwpnlrEiF0+

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9821

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file setup.exe has been seen being distributed by the following URL.

http://dl.safemonitorapp.com/SafeMonitor/566/.../Setup.exe

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.