» setup.exe
Overview
Analysis
File Details
Downloads (163)

setup.exe

Left Click Media

The application setup.exe by Left Click Media has been detected as a potentially unwanted program by 13 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from intva19.computedomain.info and multiple other hosts.

File name:

setup.exe

Publisher:

Left Click Media (signed and verified)

Product:

Left Click Media

Version:

74.3.1.1111

MD5:

df9583b41c5580ae5af3c591724907a8

SHA-1:

32bd73b3ce88d00a04bb3b17bc66060102f5a7cf

SHA-256:

00ebc1e37b4bfe11ba700c74cbe9eeae4b47afb0f96868881eb6bd0e8c39e6e5

Scanner detections:

13 / 68

Status:

Potentially unwanted

Analysis date:

5/15/2024 11:55:04 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Trojan.Heur.JP.3q3@a0@9MBei

355

Avira AntiVirus

TR/ATRAPS.Gen2

8.3.2.4

Bitdefender

Gen:Trojan.Heur.JP.3q3@a0@9MBei

1.0.20.230

Emsisoft Anti-Malware

Gen:Trojan.Heur.JP.3q3@a0@9MBei

8.16.02.15.06

ESET NOD32

Win32/DownloadAdmin.Q potentially unwanted (variant)

10.12870

F-Secure

Gen:Trojan.Heur.JP.3q3@a0@9MBei

11.2016-15-02_2

G Data

Gen:Trojan.Heur.JP.3q3@a0@9MBei

16.2.25

IKARUS anti.virus

PUA.DownloadAdmin

t3scan.1.9.5.0

MicroWorld eScan

Gen:Trojan.Heur.JP.3q3@a0@9MBei

17.0.0.138

Norman

Gen:Trojan.Heur.JP.3q3@a0Mc86hi

11.20160215

Qihoo 360 Security

HEUR/QVM10.1.Malware.Gen

1.0.0.1077

Reason Heuristics

PUP.Vitallia.LeftClickMedia.Installer (M)

16.2.15.6

VIPRE Antivirus

Threat.4150696

46738

File size:

890.4 KB (911,720 bytes)

Product version:

74.3.1.1111

Copyright:

Copyright (C) 2015

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature

Signed by:

Left Click Media

Authority:

GoDaddy.com, Inc.

Valid from:

12/9/2015 6:45:40 AM

Valid to:

12/9/2016 6:45:40 AM

Subject:

CN=Left Click Media, O=Left Click Media, L="Oakland ", S=California, C=US

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

04DFA3D52CDF7375

File PE Metadata

Compilation timestamp:

1/7/2015 7:36:30 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:X6AiqGv+NdALCVfFPryZ34CiTfhIyEJUXbkUcfZ2vud61ZEUt5ResaZnUqQHXPO5:/8v+Nd5/c1shHPbkUcfZ2vud61ZEUt5U

Entry address:

0x1000

Entry point:

E8, AB, D3, 00, 00, E9, CD, CB, 00, 00, CC, CC, CC, CC, CC, CC, 81, EC, BC, 00, 00, 00, 8B, 94, 24, CC, 00, 00, 00, 53, 8B, 9C, 24, D8, 00, 00, 00, 55, 8B, AC, 24, CC, 00, 00, 00, 56, 8B, B4, 24, DC, 00, 00, 00, 57, 8B, BC, 24, D8, 00, 00, 00, 8B, 07, 03, C5, 89, 44, 24, 1C, 8B, 03, 8D, 0C, 30, 89, 4C, 24, 34, 8B, 8C, 24, E8, 00, 00, 00, 83, E1, 04, C7, 44, 24, 18, FF, FF, FF, FF, 89, 6C, 24, 10, 89, 74, 24, 20, 89, 4C, 24, 38, 74, 05, 83, C8, FF, EB, 06, 2B, C2, 8D, 44, 30, FF, 8D, 48, 01, 89, 44, 24, 3C... 
[+]

Code size:

56.5 KB (57,856 bytes)

The file setup.exe has been seen being distributed by the following 50 URLs.

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49813059.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49471613.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49771773.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49480021.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49780855 (1).exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49751999.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49975445_2.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49746889.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49853653.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49585201.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49419219.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49572377.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49788243.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_setup-49644635.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49759175.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49736541.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49661633 (5).exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49790805.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49831949.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49800563.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=java_runtime_enviroment_setup-49587951.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49947929.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49840787 (2).exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49703037.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49849243.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49744257.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49801205 (1).exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49783983.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-49652905.exe&checksum=99996

http://intva19.computedomain.info/dl-pure?usefilename=true&_action_=getbin&filename=java_runtime_enviroment_setup-49666759.exe&checksum=99996

Latest 30 of 163 download URLs

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.