home

setup.exe

SmartPCFixer

LionSea Software co., ltd

The application setup.exe, “SmartPCFixer Setup ” by LionSea Software co., ltd has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.smartpcfixer.com and multiple other hosts.
Publisher:
LionSea Software   (signed by LionSea Software co., ltd)

Product:
SmartPCFixer

Description:
SmartPCFixer Setup

MD5:
d601f7313aa32516e737a4a7686c8c1c

SHA-1:
0c2fced863c8f3591c0a70600110d1397afb978f

SHA-256:
3215e89df4247cce25f309c5260f67f48735493338c522008866b1ac23f2fb4c

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 8:48:09 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Optional.Installer.LionSeaSoftwarecoltd.F
14.3.1.8

XVirus List
Win.Detected
2.3.31

File size:
4.1 MB (4,285,072 bytes)

Product version:
4.2

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\setup.exe

Digital Signature
Signed by:
LionSea Software co., ltd

Authority:
VeriSign, Inc.

Valid from:
2/22/2013 1:00:00 AM

Valid to:
3/24/2016 12:59:59 AM

Subject:
CN="LionSea Software co., ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="LionSea Software co., ltd", L=beijing, S=beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
288A6842C331C5443D747BDABF31E2A3

File PE Metadata
Compilation timestamp:
12/20/2011 3:16:50 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:a6E2YZALr+pw/Kd7eWKrhKtlv63abGtX0fKJ8uvamlIfS3LIw/PS3rMe9RqC:a6pYZqC6Cd7e7d4li3+Gyk8uC2p7Iw/c

Entry address:
0x16478

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B0, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 4E, EC, FF, FF, E8, F5, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, AC, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, AC, D6, 41, 00, B2, 01...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
84 KB (86,016 bytes)

The file setup.exe has been seen being distributed by the following 2 URLs.

http://www.smartpcfixer.com/.../setup.exe

http://download.smartpcfixer.com/.../setup.exe

Remove setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.