setup.exe

SafeGuardSetup.exe

Alerts LLC

This file is part of an adware web browser extension that delivers advertisements such as coupons, price comparisons, display media, affiliate links, banners, popups/popunders and other links. The executable setup.exe by Alerts has been known to be a potentially unwanted program and has been detected by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program Local Temperature by Core Systems, which is a potentially unwanted software program.
Publisher:
Alerts LLC  (signed and verified)

Product:
SafeGuardSetup.exe

Version:
1.0.0.17

MD5:
fa7a0552bbbe6cb8eed01f9b3543c97d

SHA-1:
3476f80a8637266bdb4b5ea476db08938806c914

SHA-256:
ecaa0fddcc7b919ab238238bc12f2f547affe89405419df7f13a2b057ff883f2

Scanner detections:
2 / 68

Status:
Inconclusive but possibly unwanted  (There is not enough data for a 100% detection)

Analysis date:
5/8/2024 2:25:43 PM UTC  (today)

Scan engine | Detection | Engine version
Trend Micro House Call | Suspicious_GEN.F47V0326 | 7.2.86
VIPRE Antivirus | Rocketfuel Installer | 38816

File size:
128.6 KB (131,680 bytes)

Product version:
1.0.0.17

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/5/2014 2:00:00 AM

Valid to:
6/6/2015 1:59:59 AM

Subject:
CN=Alerts LLC, O=Alerts LLC, STREET="101 Colorado St #2309", L=Austin, S=TX, PostalCode=78701, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A4FE74573C3AAF1867F4DF866A77B161

File PE Metadata
Compilation timestamp:
12/5/2009 11:52:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:YuxkZuTXJrRB3IbUgC12J9Z/TTA3klEpSyhJw:YSJRe812J9Z/TwSx

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file setup.exe has been discovered within the following program.

Local Temperature  by Core Systems
Installs advertising in the browser. From the EULA/Terms: "The free version of the Software is supported by advertising. Accordingly, the Site and the free version of the Software may provide third party content, advertising and services, and links thereto (e.g.
localtemperature.net
68% remove it
 

The file setup.exe has been seen being distributed by the following 4 URLs.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ec2-52-1-175-151.compute-1.amazonaws.com  (52.1.175.151:80)
