setup.exe

The application setup.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. The program is a setup application that uses a self-extracting archive installer; however, the file is not signed with an Authenticode signature from a trusted source. This file is typically installed with the program FTP Find Files On Server Software by Sobolsoft. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, and PC utilities, as well as other PUPs.
MD5:
1e8d7ba0ca5b0aa9cc6183bf3ba3ff82

SHA-1:
258f2ab4db086acf72bc3862b851e346178d55ec

SHA-256:
7ec09254545708544f320b31a8b0322e1a17b65ac9ae19a313c4660c0b376210

Scanner detections:
22 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/26/2024 4:28:39 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-140426 |
| AVG | MalSign.OutBrowse | 2015.0.3493 |
| Baidu Antivirus | HackTool.Win32.OutBrowse | 4.0.3.14426 |
| Comodo Security | UnclassifiedMalware | 18167 |
| Dr.Web | Adware.Downware.1770 | 9.0.1.0116 |
| ESET NOD32 | Win32/OutBrowse (variant) | 8.9725 |
| Fortinet FortiGate | Riskware/NSIS_OutBrowse | 4/26/2014 |
| G Data | Win32.Application.OutBrowse | 14.4.24 |
| K7 AntiVirus | Trojan | 13.176.11888 |
| Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 14.0.0.3958 |
| Malwarebytes | PUP.Optional.OutBrowse | v2014.04.26.08 |
| McAfee | RDN/Generic PUP.x!bss | 5600.7149 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.csrlza | 0.28.0.59492 |
| Panda Antivirus | Trj/CI.A | 14.04.26.08 |
| Qihoo 360 Security | Win32/Virus.Downloader.ad6 | 1.0.0.1015 |
| Quick Heal | TrojanDownloader.NSIS.OutBrowse.B | 4.14.12.00 |
| Sophos | OutBrowse | 4.98 |
| Trend Micro House Call | TROJ_SPNR.0BD614 | 7.2.116 |
| Trend Micro | TROJ_SPNR.0BD614 | 10.465.26 |
| Vba32 AntiVirus | Downloader.OutBrowse | 3.12.26.0 |
| VIPRE Antivirus | Trojan.Win32.Generic | 28606 |

File size:
928 KB (950,226 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Self-extracting archive

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

File PE Metadata
Compilation timestamp:
12/1/2013 4:08:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:FNBItTCqL3J7AGsxaeTD8FtbfqrUQoCG/X2f27FN:+teG3J7EDkbqr7ku+7FN

Entry address:
0x1D728

Entry point:
E8, F0, 57, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 05, FD, FF, FF, C7, 06, E4, 81, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, E4, 81, 42, 00, E9, BA, FD, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, E4, 81, 42, 00, E8, A7, FD, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, D1, C9, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...
 

Code size:
149.5 KB (153,088 bytes)

The file setup.exe has been discovered within the following program.

www.sobolsoft.com
About 7% of users remove it
 

The file setup.exe has been seen being distributed by the following URL.
