setup.exe

significant citation one the

Sergiy Maratov

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, that may be installed without the user's consent. The application setup.exe by Sergiy Maratov has been detected as adware by 31 of 68 anti-malware scanners. The program is a setup application that uses the WebPick InstalleRex installer. While running, it connects to the Internet address r1.stylezip.info on port 80 using the HTTP protocol.
Publisher:
that and be  (signed by Sergiy Maratov)

Product:
significant citation one the

Version:
1.1.0.0

MD5:
119de5e5ce29a6f8cc13be89c846fd8e

SHA-1:
24ec7660611dc84b01a2c615772ce514f8807a3f

SHA-256:
c9d706f0b732c4ae14c13860f761c237be95cac028d73d803006e776a05e1d82
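Verifying a suspect file against the three digests listed above is the first check a responder makes. The following is an added example, not code from the original page or from the analysed installer; it uses only the Python standard library, takes the file path from the caller, and takes the expected size from the File size field further down this page (1,964,648 bytes). It also handles the one awkward case: an MD5 or SHA-1 match without a SHA-256 match is reported for investigation rather than as a positive identification.

```python
import hashlib
import os

# Digests published on this page for the analysed setup.exe (lowercase hex).
KNOWN_HASHES = {
    "md5": "119de5e5ce29a6f8cc13be89c846fd8e",
    "sha1": "24ec7660611dc84b01a2c615772ce514f8807a3f",
    "sha256": "c9d706f0b732c4ae14c13860f761c237be95cac028d73d803006e776a05e1d82",
}
KNOWN_SIZE = 1_964_648  # bytes, from the File size field on this page


def hash_bytes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of an in-memory buffer, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str) -> dict:
    """Same three digests for a file on disk, read once in 1 MiB chunks."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def match_known_sample(hashes: dict, size=None) -> dict:
    """Compare computed digests (and optionally the size) against the page's values.

    SHA-256 agreement is treated as conclusive. MD5 or SHA-1 agreeing while
    SHA-256 differs is not a match: it means a collision or a transcription
    error in the indicator, which deserves a look rather than a verdict.
    """
    matched = {algo: hashes.get(algo, "").lower() == known for algo, known in KNOWN_HASHES.items()}
    if matched["sha256"]:
        verdict = "known-sample"
    elif matched["md5"] or matched["sha1"]:
        verdict = "partial-match-investigate"
    else:
        verdict = "no-match"
    return {
        "verdict": verdict,
        "matched": matched,
        "size_match": None if size is None else size == KNOWN_SIZE,
    }


def check_file(path: str) -> dict:
    """Hash a file on disk and report whether it is the sample described on this page."""
    return match_known_sample(hash_file(path), os.path.getsize(path))
```

Run `check_file("C:/path/to/setup.exe")` on the suspect binary; a `known-sample` verdict with `size_match` True identifies this exact build, while a `no-match` result only says the file is not this build, not that it is clean (repacked InstalleRex installers will hash differently).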

Scanner detections:
31 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that the user may not want. The installer has an 'opt-out' feature, but it is not enabled by default and is usually overlooked.

Analysis date:
5/10/2024 11:49:51 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Dropper.103 | 6561816
Agnitum Outpost | PUA.MultiPlug | 7.1.1
AhnLab V3 Security | Adware/Win32.Agent | 2015.02.28
Avira AntiVirus | ADWARE/Adware.Gen | 7.11.212.228
avast! | Win32:MultiPlug-BF [PUP] | 150129-1
AVG | Adware Generic5.BDUM | 2014.0.4257
Bitdefender | Gen:Variant.Adware.Dropper.103 | 1.0.20.290
Clam AntiVirus | Win.Adware.Agent-8242 | 0.98/20120
Comodo Security | Application.Win32.MegaSearch.ATK | 21233
Dr.Web | Trojan.WebPick.2786 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Adware.Dropper.103 | 9.0.0.4799
ESET NOD32 | Win32/AdWare.MultiPlug.AP application | 7.0.302.0
Fortinet FortiGate | Riskware/Generic.AC.445 | 2/27/2015
F-Prot | W32/A-7705bbff | v6.4.7.1.166
F-Secure | Gen:Variant.Adware.Dropper.103 | 5.13.68
G Data | Gen:Variant.Adware.Dropper.103 | 15.2.25
IKARUS anti.virus | AdWare.Graftor | t3scan.1.8.6.0
K7 AntiVirus | Riskware | 13.1915113
Kaspersky | not-a-virus:HEUR:WebToolbar.Win32.Cossder | 14.0.0.2421
Malwarebytes | PUP.Optional.Multiplug | v2015.02.27.08
McAfee | Program.PUP-FLT | 16.8.708.2
MicroWorld eScan | Gen:Variant.Adware.Dropper.103 | 16.0.0.174
NANO AntiVirus | Trojan.Win32.WebPick.ddisqf | 0.30.0.296
Norman | Gen:Variant.Adware.Dropper.103 | 03.12.2014 13:20:04
Panda Antivirus | Trj/Genetic.gen | 15.02.27.08
Quick Heal | AdWare.MultiPlug.r5 (Not a Virus) | 2.15.14.00
Reason Heuristics | PUP.Installer.SergiyMaratov | 15.2.27.20
Sophos | PUA 'MultiPlug' (of type Adware) | 5.11
Vba32 AntiVirus | AdWare.MultiPlug | 3.12.26.3
VIPRE Antivirus | Threat.4150696 | 37788
Zillya! Antivirus | Backdoor.Klon.Win32.1199 | 2.0.0.2084

File size:
1.9 MB (1,964,648 bytes)

Product version:
1.1.0.0

Copyright:
Copyright (c) 2014

Original file name:
size

File type:
Executable application (Win32 EXE)

Bundler/Installer:
WebPick InstalleRex

Language:
English (United States)

Common path:
C:\Windows\System32\setup.exe

Digital Signature
Signed by:
Sergiy Maratov
Authority:
Unizeto Technologies S.A.

Valid from:
6/24/2014 5:13:54 AM

Valid to:
6/24/2015 5:13:54 AM

Subject:
E=SergiyIvanovich@hotmail.com, CN=Sergiy Maratov, O=Sergiy Maratov, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
774A5B60838D600A3706CAB0BC5A6286

File PE Metadata
Compilation timestamp:
7/31/2014 6:34:40 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:oxoefX2AMQAIEy423txTo+G7SAeCh4JJn3Oma4NMzz:HAnV9lh6SA7h4Hn3Omagc

Entry address:
0x18BBB

Entry point:
E8, 87, 7C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 98, EE, 42, 00, E8, 6F, 0D, 00, 00, E8, A2, 03, 00, 00, 0F, B7, F0, 6A, 02, E8, 1A, 7C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 53, 45, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
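The entry-point bytes above are a common MSVC CRT start-up pattern: a near call, then a check of the in-memory image header (the `MZ` stub signature, the `PE\0\0` signature and the PE32 optional-header magic) before the runtime reads fields from it. Because those checks embed absolute addresses, a few facts can be read straight out of the listing with nothing but x86 encoding rules. The following is an added example, not code from the original page; it assumes the byte listing is copied verbatim from the page and that the Entry address shown above (0x18BBB) is the entry point's RVA.

```python
import re
import struct

# Entry-point byte listing exactly as printed on this page (it ends in "...").
ENTRY_BYTES_LISTING = (
    "E8, 87, 7C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 98, EE, 42, 00, E8, 6F, 0D, 00, 00, "
    "E8, A2, 03, 00, 00, 0F, B7, F0, 6A, 02, E8, 1A, 7C, 00, 00, 59, B8, 4D, 5A, 00, 00, "
    "66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, "
    "40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, "
    "33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, "
    "E4, E8, 53, 45, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8..."
)
# "Entry address" from this page; assumed here to be the entry point's RVA.
ENTRY_RVA = 0x18BBB


def parse_byte_listing(listing: str) -> bytes:
    """Convert 'E8, 87, 7C, ...' into raw bytes, ignoring the trailing '...'."""
    return bytes(int(tok, 16) for tok in re.findall(r"\b[0-9A-Fa-f]{2}\b", listing))


def decode_entry(code: bytes, entry_rva: int) -> dict:
    """Recover facts from the start-up stub without a disassembler.

    Every value comes from a fixed x86 encoding:
      E8 rel32                     call; target = RVA of the next instruction + rel32
      B8 imm32 / 66 39 05 disp32   mov eax,'MZ'; cmp word [disp32], ax  (disp32 = image base)
      A1 disp32                    mov eax,[disp32]  (reads e_lfanew at image base + 0x3C)
      81 B8 disp32 imm32           cmp dword [eax+disp32], 'PE\\0\\0'
      B9 imm32 / 66 39 88 disp32   mov ecx, imm32; cmp word [eax+disp32], cx  (0x10B = PE32)
    """
    info = {}
    if code[:1] == b"\xE8":
        rel32 = struct.unpack_from("<i", code, 1)[0]  # signed 32-bit displacement
        info["first_call_target_rva"] = entry_rva + 5 + rel32
    m = re.search(rb"\xB8MZ\x00\x00\x66\x39\x05(.{4})", code, re.DOTALL)
    if m:
        info["image_base"] = struct.unpack("<I", m.group(1))[0]
    m = re.search(rb"\xA1(.{4})\x81\xB8(.{4})PE\x00\x00", code, re.DOTALL)
    if m:
        info["e_lfanew_address"] = struct.unpack("<I", m.group(1))[0]
        info["pe_signature_check_base"] = struct.unpack("<I", m.group(2))[0]
    m = re.search(rb"\xB9(.{4})\x66\x39\x88(.{4})", code, re.DOTALL)
    if m:
        info["optional_header_magic"] = struct.unpack("<I", m.group(1))[0]
    return info


if __name__ == "__main__":
    facts = decode_entry(parse_byte_listing(ENTRY_BYTES_LISTING), ENTRY_RVA)
    for key, value in facts.items():
        print(f"{key:26s} 0x{value:X}")
```

For this listing the first call lands at RVA 0x20847, the image base baked into the stub is 0x400000 (so the entry point's virtual address is 0x418BBB), the e_lfanew read is at image base + 0x3C as expected, and the stub insists on a PE32 (0x10B) optional header, all consistent with the 32-bit, linker 11.0 build described in the PE metadata.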

Code size:
141 KB (144,384 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to r1.stylezip.info  (54.186.255.26:80)
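The host and endpoint above are the only network indicators this page gives, and a sweep of web-proxy logs is the natural use for them. The following is an added example, not code from the original page; it parses Squid native access.log lines (the sample lines are constructed for the demonstration and are not from the page) and flags any request whose URL host is r1.stylezip.info or whose destination is 54.186.255.26 on TCP port 80, matching the hostname case-insensitively and also catching requests that address the IP directly.

```python
from ipaddress import ip_address
from urllib.parse import urlsplit

# Network indicators given on this page for the analysed setup.exe.
IOC_HOSTS = {"r1.stylezip.info"}
IOC_ENDPOINTS = {("54.186.255.26", 80)}  # (IP, TCP port)

# Constructed Squid native access.log lines for the demonstration; not from the page.
# Fields: timestamp elapsed client result bytes method url user hierarchy/peer mime
SAMPLE_LOG = """\
1715384991.101    212 10.0.0.23 TCP_MISS/200 1834 GET http://r1.stylezip.info/offers/list - HIER_DIRECT/54.186.255.26 text/html
1715384992.417     88 10.0.0.23 TCP_MISS/200 512 GET http://www.example.com/ - HIER_DIRECT/93.184.216.34 text/html
1715384995.003    101 10.0.0.41 TCP_MISS/204 0 POST http://54.186.255.26:80/report - HIER_DIRECT/54.186.255.26 -
1715385001.560    301 10.0.0.23 TCP_MISS/200 2048 GET http://R1.StyleZip.info/offers/list - HIER_DIRECT/54.186.255.26 text/html
"""

SQUID_FIELDS = ("ts", "elapsed", "client", "result", "bytes", "method", "url", "user", "hier", "mime")


def parse_squid_line(line: str):
    """Parse one native-format line; returns None for lines that do not fit the format."""
    parts = line.split()
    if len(parts) != len(SQUID_FIELDS):
        return None
    rec = dict(zip(SQUID_FIELDS, parts))
    url = urlsplit(rec["url"])
    rec["host"] = (url.hostname or "").lower()
    rec["port"] = url.port or (443 if url.scheme == "https" else 80)
    rec["peer"] = rec["hier"].partition("/")[2]  # the IP the proxy actually connected to
    return rec


def ioc_reasons(rec: dict) -> list:
    """Why a record matches: by hostname, by destination IP:port, or both."""
    reasons = []
    if rec["host"] in IOC_HOSTS:
        reasons.append("host")
    try:
        host_ip = str(ip_address(rec["host"]))  # the URL addressed the IP directly
    except ValueError:
        host_ip = None
    if (host_ip, rec["port"]) in IOC_ENDPOINTS or (rec["peer"], rec["port"]) in IOC_ENDPOINTS:
        reasons.append("endpoint")
    return reasons


def find_ioc_hits(log_text: str) -> list:
    """Return one hit per matching line with the fields an analyst pivots on."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_squid_line(line)
        if rec is None:
            continue
        reasons = ioc_reasons(rec)
        if reasons:
            hits.append({"ts": rec["ts"], "client": rec["client"], "host": rec["host"],
                         "port": rec["port"], "peer": rec["peer"], "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_ioc_hits(SAMPLE_LOG):
        print(hit)
```

The client IPs in the hits are the hosts to pull the installer from; the peer IP is kept separately from the URL host because the hostname can be re-pointed while the 54.186.255.26 endpoint stays in older logs, and vice versa.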

Remove setup.exe - Powered by Reason Core Security