home

setup.exe

Giveaway of the Day

Softdeluxe Ltd.

The application setup.exe by Softdeluxe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. Additionally, the file is typically installed by a number of programs including Epubor Kindle Transfer by Epubor Inc. and PcMedik by PGWARE LLC. The file has been seen being downloaded from www.pimaco.com.br. While running, it connects to the Internet address giveawayoftheday.com on port 443.
Publisher:
giveawayoftheday.com  (signed by Softdeluxe Ltd.)

Product:
Giveaway of the Day

Version:
2.0.2.30

MD5:
2713938dc9d2d3bacf96eeb5889b3e45

SHA-1:
06074ccfec240026c3bd767a32520ec2824620d1

SHA-256:
e56d61b04a714a9a57f77b034c0e39bdb74651def41e2caa8b21a11d0d6566ad

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 11:00:04 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Softdeluxe.giveaway.Installer.Meta (M)
16.6.10.13

File size:
2.4 MB (2,542,688 bytes)

Product version:
2.0.2.0

Copyright:
Copyright (C) giveawayoftheday.com, 2006-2015

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:
Softdeluxe Ltd.

Authority:
COMODO CA Limited

Valid from:
8/12/2013 3:00:00 AM

Valid to:
8/12/2016 2:59:59 AM

Subject:
CN=Softdeluxe Ltd., O=Softdeluxe Ltd., STREET="Universitetskaya St., 19", L=Dubna, S=Moscow region, PostalCode=141980, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2E75CC2B1043779E577FAA449BCE00A4

File PE Metadata
Compilation timestamp:
8/25/2015 10:56:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:0yAjMTPGQvIklWpTw6z3RL469ypSYXg8tZzKUceXq+ml:0vNQblWp8aNlYXgozMeX9ml

Entry address:
0x5E2000

Entry point:
EB, 08, 0F, 8E, 26, 00, 00, 00, 00, 00, E9, 00, 20, 00, 00, 54, 41, 47, 47, 00, 20, 00, 00, 1F, 1B, 00, 00, 01, 00, 30, 82, 1B, 1B, 06, 09, 2A, 86, 48, 86, F7, 0D, 01, 07, 02, A0, 82, 1B, 0C, 30, 82, 1B, 08, 02, 01, 01, 31, 09, 30, 07, 06, 05, 2B, 0E, 03, 02, 1A, 30, 82, 0F, 21, 06, 09, 2A, 86, 48, 86, F7, 0D, 01, 07, 01, A0, 82, 0F, 12, 04, 82, 0F, 0E, D0, 00, 01, 00, 01, C1, B1, A1, 02, 00, 03, 00, 02, 00, 00, 00, 26, 00, 00, 00, 01, 00, 0D, BF, 62, A8, C4, 74, C9, C5, 3A, 37, 6E, 00, 12, F6, 6E, 98, 5B...
 
[+]

Code size:
1.4 MB (1,496,576 bytes)

The file setup.exe has been discovered within the following programs.

AbstractCurves x64  by AbstractCurves Software
www.abstractcurves.com
About 8% of users remove it
Epubor Kindle Transfer  by Epubor Inc.
www.epubor.com/transfer.html
About 1% of users remove it
Macrorit Data Wiper Professional 2016  by Macrorit Inc.
macrorit.com
About 8% of users remove it
Password Recovery Bundle 2016  by Top Password Software, Inc.
www.top-password.com
About 7% of users remove it
PcMedik  by PGWARE LLC
Publisher's description - “PCMedik instantly makes your computer faster and fixes common problems associated with frustrating slowdowns and errors.”
www.pgware.com/products/pcmedik
36% remove it
PDF Impress 10  by BinaryNow, Inc.
About 2% of users remove it
 
Powered by Should I Remove It?

The file setup.exe has been seen being distributed by the following URL.

http://www.pimaco.com.br/.../setup.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to giveawayoftheday.com  (204.155.149.200:443)

TCP (HTTP):
Connects to ocsp.comodoca.com  (178.255.83.1:80)

Remove setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.