home

setup.exe

Interesting Solutions

The software will display additional offers (such as adware) during installation including a browser toolbar/extension as well as advertising injection software (part of the Injekt brand). The application setup.exe by Interesting Solutions has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from e46m3.vanoshield.com.
Publisher:
Interesting Solutions  (signed and verified)

MD5:
3b8ab45a80c4626c0cc87b7fd7c9bb42

SHA-1:
1b07013103d510f5b7ac9e1fcbb6daf777f042e3

SHA-256:
3164ee44978307868c169b3ebe9e4e72f3882a18b2805174dc5f2f99e016eb49

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
4/30/2024 3:15:02 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Jatif.98
624

Avira AntiVirus
ADWARE/Adware.Gen7
7.11.217.198

avast!
Win32:Adware-gen [Adw]
2014.9-150522

Baidu Antivirus
Adware.MSIL.PullUpdate
4.0.3.15522

Bitdefender
Gen:Variant.Adware.Jatif.98
1.0.20.710

Emsisoft Anti-Malware
Gen:Variant.Adware.Jatif.98
8.15.05.22.06

ESET NOD32
MSIL/Adware.PullUpdate.J.gen (variant)
9.11329

F-Secure
Gen:Variant.Adware.Jatif
11.2015-22-05_6

G Data
Gen:Variant.Adware.Jatif.98
15.5.25

K7 AntiVirus
Adware
13.201.15277

Malwarebytes
PUP.Optional.WebGuard.A
v2015.05.22.06

McAfee
Artemis!A672D28A1DDB
5600.6758

MicroWorld eScan
Gen:Variant.Adware.Jatif.98
16.0.0.426

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Injekt.Installer
15.5.22.2

Sophos
Pull Update
4.98

Trend Micro House Call
TROJ_GE.F08E8657
7.2.142

VIPRE Antivirus
Injekt
38488

File size:
4.5 MB (4,741,600 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\p6ivudnf6y\setup.exe

Digital Signature
Signed by:
Interesting Solutions

Authority:
Symantec Corporation

Valid from:
2/18/2015 6:00:00 PM

Valid to:
4/19/2016 6:59:59 PM

Subject:
CN=Interesting Solutions, O=Interesting Solutions, L=St. James, S=St. James, C=BB

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
65BAC0C20EBC1780150DDA8808B0161A

File PE Metadata
Compilation timestamp:
6/6/2009 4:41:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:uu1/smUWQTs/oACzr3NGyvjjzXb9NcEBhtnacgTIn4Jj0NMxtw:um/smZQooJzr3XRNc8eTInNNMxO

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9827

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file setup.exe has been seen being distributed by the following URL.

http://e46m3.vanoshield.com/wg/.../Setup.exe

Remove setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.