Setup.exe

InstallVibes

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The file Setup.exe by InstallVibes has been detected as adware by 27 anti-malware scanners. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser.
Publisher:
InstallVibes  (signed and verified)

MD5:
1adaeda5ffd5a181d45b590cb83cad8d

SHA-1:
248d01b599236d3fffd984ebe0cf5b48ac89452a

SHA-256:
d8295b109c7f203b3a58687f197babdad21258a16e64618bf23e0e56c7948719

Scanner detections:
27 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program, which inserts various forms of advertising into the user's web browser and is installed with minimal or no user consent.

Analysis date:
4/18/2024 7:41:42 PM UTC

Scan engine             Detection                           Engine version
Lavasoft Ad-Aware       Gen:Variant.Adware.Graftor.174485   6561816
Agnitum Outpost         Trojan.Inject                       7.1.1
AhnLab V3 Security      PUP/Win32.Bundlore                  2015.02.28
Avira AntiVirus         TR/Patched.Gen                      7.11.30.172
avast!                  Win32:Rootkit-gen [Rtk]             150101-1
AVG                     Win32/DH{gRJ+UIEHFVGBFYEJHFM}       2016.0.3185
Bitdefender             Gen:Variant.Adware.Graftor.174485   1.0.20.290
Bkav FE                 W32.HfsAdware                       1.3.0.6379
Clam AntiVirus          Win.Adware.Agent-37391              0.98/20120
Comodo Security         Application.Win32.Bundlore.G        21235
Emsisoft Anti-Malware   Gen:Variant.Adware.Graftor.174485   9.0.0.4799
ESET NOD32              Win32/Injector.JZ trojan            7.0.302.0
Fortinet FortiGate      W32/Inject.UJUS!tr                  2/27/2015
F-Prot                  W32/S-26cfa809                      v6.4.7.1.166
F-Secure                Gen:Variant.Adware.Graftor.174485   5.13.68
G Data                  Gen:Variant.Adware.Graftor.174485   15.2.25
K7 AntiVirus            Trojan                              13.1915113
Kaspersky               Trojan.Win32.Inject                 15.0.0.543
MicroWorld eScan        Gen:Variant.Adware.Graftor.174485   16.0.0.174
NANO AntiVirus          Trojan.Win32.Inject.dnxavk          0.30.0.296
nProtect                Trojan/W32.Inject.270056            15.02.27.01
Panda Antivirus         Trj/Genetic.gen                     15.02.27.09
Reason Heuristics       PUP.Yontoo                          15.2.27.21
Sophos                  PUA 'Bundlore'                      5.11
Vba32 AntiVirus         Trojan.Inject                       3.12.26.3
VIPRE Antivirus         Threat.4754986                      37788
Zillya! Antivirus       Trojan.Inject.Win32.157279          2.0.0.2084
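The scanner table shows the usual vendor disagreement: the same file is labelled a generic adware variant (Graftor), a bundler (Bundlore), a Yontoo PUP, a generic injector trojan, or just "Trojan" depending on the engine. The script below is an added example and is not part of this report or of Reason Core Security's tooling. It normalizes the detection strings listed above into family labels and counts PUP/adware verdicts against trojan or unclassified ones; the family keyword list and the PUP marker regex are my own heuristics for this table, not a vendor standard.

```python
import re
from collections import Counter

# (engine, detection) pairs copied from the scanner table above.
DETECTIONS = [
    ("Lavasoft Ad-Aware", "Gen:Variant.Adware.Graftor.174485"),
    ("Agnitum Outpost", "Trojan.Inject"),
    ("AhnLab V3 Security", "PUP/Win32.Bundlore"),
    ("Avira AntiVirus", "TR/Patched.Gen"),
    ("avast!", "Win32:Rootkit-gen [Rtk]"),
    ("AVG", "Win32/DH{gRJ+UIEHFVGBFYEJHFM}"),
    ("Bitdefender", "Gen:Variant.Adware.Graftor.174485"),
    ("Bkav FE", "W32.HfsAdware"),
    ("Clam AntiVirus", "Win.Adware.Agent-37391"),
    ("Comodo Security", "Application.Win32.Bundlore.G"),
    ("Emsisoft Anti-Malware", "Gen:Variant.Adware.Graftor.174485"),
    ("ESET NOD32", "Win32/Injector.JZ trojan"),
    ("Fortinet FortiGate", "W32/Inject.UJUS!tr"),
    ("F-Prot", "W32/S-26cfa809"),
    ("F-Secure", "Gen:Variant.Adware.Graftor.174485"),
    ("G Data", "Gen:Variant.Adware.Graftor.174485"),
    ("K7 AntiVirus", "Trojan"),
    ("Kaspersky", "Trojan.Win32.Inject"),
    ("MicroWorld eScan", "Gen:Variant.Adware.Graftor.174485"),
    ("NANO AntiVirus", "Trojan.Win32.Inject.dnxavk"),
    ("nProtect", "Trojan/W32.Inject.270056"),
    ("Panda Antivirus", "Trj/Genetic.gen"),
    ("Reason Heuristics", "PUP.Yontoo"),
    ("Sophos", "PUA 'Bundlore'"),
    ("Vba32 AntiVirus", "Trojan.Inject"),
    ("VIPRE Antivirus", "Threat.4754986"),
    ("Zillya! Antivirus", "Trojan.Inject.Win32.157279"),
]

# Family keywords, checked in order; first hit wins. These are my own choices for this table.
FAMILY_PATTERNS = [
    ("Graftor", re.compile(r"graftor", re.I)),
    ("Bundlore", re.compile(r"bundlore", re.I)),
    ("Yontoo", re.compile(r"yontoo", re.I)),
    ("Inject", re.compile(r"inject", re.I)),   # also matches "Injector"; a behaviour label, not a family
]

# Markers that signal a PUP/adware verdict rather than a trojan one (my heuristic).
PUP_MARKERS = re.compile(r"adware|\bpup\b|\bpua\b|^application\.", re.I)


def family_of(detection: str) -> str:
    """Map a vendor detection string to a family label, or 'other' if no keyword matches."""
    for name, pattern in FAMILY_PATTERNS:
        if pattern.search(detection):
            return name
    return "other"


def is_pup_verdict(detection: str) -> bool:
    """True when the vendor classifies the file as PUP/PUA/adware instead of a trojan."""
    return bool(PUP_MARKERS.search(detection))


def summarize(detections=DETECTIONS) -> dict:
    """Family histogram plus the PUP-versus-trojan split across all detecting engines."""
    families = Counter(family_of(d) for _, d in detections)
    pup = sum(1 for _, d in detections if is_pup_verdict(d))
    return {
        "total": len(detections),
        "families": dict(families),
        "pup_or_adware": pup,
        "trojan_or_unclassified": len(detections) - pup,
    }


def consensus_families(detections=DETECTIONS, min_engines: int = 3) -> list:
    """Family labels named by at least min_engines engines, most common first; 'other' is excluded."""
    families = Counter(family_of(d) for _, d in detections)
    families.pop("other", None)
    return [name for name, count in families.most_common() if count >= min_engines]


if __name__ == "__main__":
    print(summarize())
    print(consensus_families())
```

On this table the generic "Inject" label outnumbers every real family name, so a raw majority vote would call the file an injector trojan; the family-specific labels (Graftor, Bundlore, Yontoo) are the ones worth pivoting on when correlating with other samples, and only 12 of the 27 engines frame the verdict as PUP/adware at all.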

File size:
263.7 KB (270,056 bytes)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
InstallVibes
Authority:
COMODO CA Limited

Valid from:
3/19/2014 5:00:00 PM

Valid to:
3/19/2016 4:59:59 PM

Subject:
CN=InstallVibes, O=InstallVibes, STREET=Ehad Haam 21 St., L=Tel Aviv, S=Israel, PostalCode=6515103, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F29201EBC1EAD2B751F2854AD68C6244

File PE Metadata
Compilation timestamp:
2/6/2015 7:05:25 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3072:jjkKZWygHY/PlI4pNsDhKhlLXIvWt8OhE025grUN9r+xmI3VeiYxfC37H8unxx/J:Pn04pqdgXIvWuylfrUiN3b8uxxxHs+

Entry address:
0x2F8B

Entry point:
E8, 47, 40, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, FF, 15, 6C, 10, 41, 00, 6A, 01, A3, AC, 96, 41, 00, E8, 94, 45, 00, 00, FF, 75, 08, E8, 29, 45, 00, 00, 83, 3D, AC, 96, 41, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 7A, 45, 00, 00, 59, 68, 09, 04, 00, C0, E8, F7, 44, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 64, C2, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 90, 94, 41, 00, 89, 0D, 8C, 94, 41, 00, 89, 15, 88, 94, 41, 00, 89, 1D, 84, 94, 41, 00, 89, 35, 80, 94, 41, 00, 89, 3D, 7C...
 

Entropy:
7.5418

Code size:
61.5 KB (62,976 bytes)
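An added example, not part of this report or of Reason Core Security's tooling: verifying a downloaded sample against the size and hashes listed above, computing the Shannon entropy that the Entropy field reports (7.5418 out of a maximum of 8 bits per byte points to packed, compressed or encrypted content rather than plain code), and checking that the PE compilation timestamp falls inside the signing certificate's validity window. The timestamps are taken as displayed on the page; the sample bytes used in the test are constructed, and the entropy thresholds are a common rule of thumb rather than a standard. A valid COMODO-issued signature only proves that the InstallVibes key signed the file, which is why a file can be both "signed and verified" and adware.

```python
import hashlib
import math
from collections import Counter
from datetime import datetime

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "1adaeda5ffd5a181d45b590cb83cad8d",
    "sha1": "248d01b599236d3fffd984ebe0cf5b48ac89452a",
    "sha256": "d8295b109c7f203b3a58687f197babdad21258a16e64618bf23e0e56c7948719",
}
REPORT_SIZE = 270056                                  # bytes
CERT_NOT_BEFORE = datetime(2014, 3, 19, 17, 0, 0)     # "Valid from", as displayed
CERT_NOT_AFTER = datetime(2016, 3, 19, 16, 59, 59)    # "Valid to", as displayed
PE_COMPILED = datetime(2015, 2, 6, 19, 5, 25)         # PE compilation timestamp, as displayed


def hash_bytes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of the given bytes, hex encoded."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes, expected: dict = REPORT_HASHES, size: int = REPORT_SIZE) -> bool:
    """True only if the size and every listed digest match; a single mismatch means a different file."""
    if len(data) != size:
        return False
    got = hash_bytes(data)
    return all(got[alg] == digest.lower() for alg, digest in expected.items())


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_verdict(bits_per_byte: float) -> str:
    """Rule-of-thumb classification; the thresholds are my own, not a standard."""
    if bits_per_byte > 7.2:
        return "packed/compressed/encrypted"
    if bits_per_byte > 6.0:
        return "mixed"
    return "plain code/data"


def compiled_within_cert_window(compiled=PE_COMPILED, not_before=CERT_NOT_BEFORE,
                                not_after=CERT_NOT_AFTER) -> bool:
    """A compile time outside the certificate's validity period is a red flag (forged timestamp or
    stolen key). A compile time inside it, as here, says nothing about intent."""
    return not_before <= compiled <= not_after


def triage(data: bytes) -> dict:
    """Summary a responder would log for a sample: size, digests, entropy, and whether it is the reported file."""
    entropy = shannon_entropy(data)
    return {
        "size": len(data),
        "hashes": hash_bytes(data),
        "entropy": round(entropy, 4),
        "verdict": entropy_verdict(entropy),
        "is_reported_sample": matches_report(data),
    }


if __name__ == "__main__":
    # Constructed stand-in for a sample; the real Setup.exe is not embedded here.
    sample = bytes(range(256)) * 4
    print(triage(sample))
    print("compile time inside cert window:", compiled_within_cert_window())
```

Matching all three digests and the size, rather than MD5 alone, avoids the known MD5 collision weakness when the hash set is used as an indicator; the entropy figure is only a hint, since a large embedded compressed resource pushes a benign installer into the same range.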
