Setup.exe

Messenger Plus!

Yuna Software Limited

The application Setup.exe, “Setup - Messenger Plus!” by Yuna Software Limited, has been detected as a potentially unwanted program by 7 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from mirror10.installsmart.com.
Publisher:
Yuna Software  (signed by Yuna Software Limited)

Product:
Messenger Plus!

Description:
Setup - Messenger Plus!

Version:
1.8.0.124

MD5:
942d8d2978350846817f83f40823f9b6

SHA-1:
0c2bf9d91f05323a1509edf93a137a257c3f4106

SHA-256:
bfc0513e839f301435218e5fd2da6ce3306354e3a9d7b7dd2b1dca36840fdba5

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/26/2024 3:56:55 PM UTC

Scan engine | Detection | Engine version
Dr.Web | Adware.OpenCandy.6 | 9.0.1.0297
ESET NOD32 | Win32/MessengerPlus (variant) | 8.9481
McAfee | Artemis!942D8D297835 | 5600.6967
Reason Heuristics | PUP.Optional.Installer.F | 14.10.24.17
Trend Micro House Call | TROJ_GEN.F47V1015 | 7.2.297
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.24.3
XVirus List | Win.Detected | 2.3.31

File size:
1.4 MB (1,478,024 bytes)

Product version:
1.8

Copyright:
Copyright (C) 2001-2013 Yuna Software

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
8/31/2012 7:00:00 PM

Valid to:
10/19/2015 6:59:59 PM

Subject:
CN=Yuna Software Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Yuna Software Limited, L=St. Helier, S=Jersey, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
56EC82195199D735AD6E704B1B712CB5

File PE Metadata
Compilation timestamp:
4/28/2013 4:42:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:M1VZsA+1rlVGKU0i6mtEwZyRu/+zm0TrV4FZJDjEc6hrjExBrIJtG:M1f+1BU3lrEwZyPm0TrV4ZDjEhk

Entry address:
0x1DF0D

Entry point:
E8, 43, 5D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 60, D4, 42, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, D4, D1, 42, 00, C9, C2, 08, 00, B8, 9A, 47, 42, 00, A3, A8, 3B, 43, 00, C7, 05, AC, 3B, 43, 00, 90, 3E, 42, 00, C7, 05, B0, 3B, 43, 00, 44, 3E, 42, 00, C7, 05, B4, 3B, 43, 00, 7D, 3E, 42, 00, C7, 05...
 

Entropy:
7.8983  (probably packed)

Code size:
172.5 KB (176,640 bytes)

The file Setup.exe has been seen being distributed by the following URL.
