» setup.exe
Overview
Analysis
File Details

setup.exe

PDF Merger&Splitter

Greatelsoft Trading Ltd

The application setup.exe, “PDF Merger&Splitter Setup ” by Greatelsoft Trading has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs.

File name:

setup.exe

Publisher:

Conversionads, Inc. (signed by Greatelsoft Trading Ltd)

Product:

PDF Merger&Splitter

Description:

PDF Merger&Splitter Setup

Version:

1.2.0.1

MD5:

f8a6cb9b1c5de1745f342c0b9d1d4708

SHA-1:

3051afb9e88860762b9430a88d443850cd603a98

SHA-256:

445346e957496468e9367d9bae334332b30704c526d1e069a1234ac60c984fa8

Scanner detections:

7 / 68

Status:

Adware

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:

4/19/2024 7:43:00 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

Adware/AddLyrics.A.103

7.11.90.246

avast!

Win32:AddLyrics-H [Adw]

2014.9-141221

AVG

Agent.F

2015.0.3253

Dr.Web

Adware.Plugin.84

9.0.1.0355

ESET NOD32

Win32/OutBrowse

8.8579

F-Secure

Adware.Generic.551733

11.2014-21-12_1

Reason Heuristics

PUP.Installer.GreatelsoftTrading.F

14.12.21.12

File size:

19.2 MB (20,160,744 bytes)

Product version:

1.2

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\setup.exe

Digital Signature

Signed by:

Greatelsoft Trading Ltd

Authority:

COMODO CA Limited

Valid from:

7/2/2013 4:00:00 AM

Valid to:

7/3/2014 3:59:59 AM

Subject:

CN=Greatelsoft Trading Ltd, O=Greatelsoft Trading Ltd, STREET="Kyriakou Matsi, 3, Roussos Limassol Tower, 6th floor, flat/office 6A, 3040", L=Limassol, S=Limassol, PostalCode=3040, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00EFAAE98A631C872ADDE1E300FDF065A2

File PE Metadata

Compilation timestamp:

6/20/1992 2:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

393216:T8dxmwiEi7J8QaIj2BpnfxeMe+S+TNPDIDCfGSzrzFHk8vS+xbTHm5c0v7:wfBiEk2H/nfPe+SwVDID2G+rzFHk8vS1

Entry address:

0x9C18

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, AE, 94, FF, FF, E8, B5, A6, FF, FF, E8, 44, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, D4, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 9D, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 5A, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD... 
[+]

Entropy:

7.9999

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.