Setup.exe

clipqube

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The file Setup.exe by clipqube has been detected as adware by 22 anti-malware scanners. This downloadable file is typically blocked through Google's Safe Browsing technology in the Chrome web browser.
Publisher:
clipqube  (signed and verified)

MD5:
dbcc324c0db5aecf300661e820401257

SHA-1:
3ca5deea7c86c2fadc39a3241d8618691b999d3b

SHA-256:
d5b15b2df4d2124a91d4a5f110c147189c70b16a451d4a85450ed00584506b1f

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising into the user's web browser, installed with minimal or no user consent.

Analysis date:
4/27/2024 2:19:05 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.12939694 | 677
Agnitum Outpost | Riskware.Agent | 7.1.1
AhnLab V3 Security | PUP/Win32.Bundlore | 2015.03.30
avast! | Win32:Malware-gen | 2014.9-150329
AVG | Adware BundleApp | 2016.0.3155
Bitdefender | Trojan.Generic.12939694 | 1.0.20.440
Bkav FE | W32.HfsAdware | 1.3.0.6379
Comodo Security | Application.Win32.Bundlore.SC | 21584
Dr.Web | Adware.Downware.10329 | 9.0.1.088
Emsisoft Anti-Malware | Trojan.Generic.12939694 | 8.15.03.29.05
ESET NOD32 | Win32/Bundlore.S potentially unwanted application | 9.7.0.302.0
F-Prot | W32/S-28696d89 | v6.4.7.1.166
F-Secure | Trojan.Generic.12939694 | 5.13.68
G Data | Trojan.Generic.12939694 | 15.3.25
IKARUS anti.virus | PUA.Bundlore | t3scan.1.8.9.0
K7 AntiVirus | Trojan | 13.202.15417
Malwarebytes | PUP.Optional.Bundlore.C | v2015.03.29.06
MicroWorld eScan | Trojan.Generic.12939694 | 16.0.0.264
nProtect | Trojan.Generic.12939694 | 15.05.15.01
Reason Heuristics | PUP.Yontoo | 15.3.29.17
VIPRE Antivirus | Threat.4150696 | 39676

File size:
254 KB (260,136 bytes)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/30/2014 5:00:00 PM

Valid to:
11/18/2015 3:59:59 PM

Subject:
CN=clipqube, O=clipqube, L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1FCBFDBEAD545580F2531ECD63A07DB9

File PE Metadata
Compilation timestamp:
3/1/2015 4:23:06 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3072:0monno7dSzYRVW8MKyFiDuYHAmDNa1WVHFImXBqfIdvoNUGJKZsQwEx6riECTvxF:WnFYEchHAmA1MbnVoNU+pQ7x6+v/

Entry address:
0x30BA

Entry point:
E8, 8D, 48, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 48, AD, 41, 00, E8, F0, 2D, 00, 00, E8, 5E, 4A, 00, 00, 0F, B7, F0, 6A, 02, E8, 20, 48, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, DF, 3F, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
6.8981

Code size:
77 KB (78,848 bytes)

Remove Setup.exe - Powered by Reason Core Security