setup.exe

Overall Media, Inc.

This adware bundler is distributed through Adknowledge's advertising-supported software managers. The application setup.exe, “Prime Installer” by Overall Media, has been detected as adware by 34 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. It installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:
Prime Installer (signed by Overall Media, Inc.)

Product:
Prime Installer

Description:
Prime Installer

Version:
3.5.9.2

MD5:
cc456677329c17fdac391d5c6de61854

SHA-1:
3dcd58dd8e8f17c7698b4c919db56455911a27e7

SHA-256:
585009068515dcb3bdaae9d704e8a47598c50770765db457cf459201d53d763b

Scanner detections:
34 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 3:18:14 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.IBryte.BK | 356 |
| Agnitum Outpost | PUA.iBryte | 7.1.1 |
| AhnLab V3 Security | | 2015.03.14 |
| Avira AntiVirus | Adware/iBryte.bxpj | 7.11.217.28 |
| avast! | Win32:IBryte-KG [PUP] | 2014.9-160213 |
| AVG | Adware AdPlugin | 2017.0.2834 |
| Bitdefender | Application.Bundler.OptimumInstaller.Z | 1.0.20.220 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Trojan.Agent-847729 | 0.98/20194 |
| Comodo Security | Application.Win32.iBryte.BYK | 21402 |
| Dr.Web | Trojan.DownLoader12.15328 | 9.0.1.044 |
| Emsisoft Anti-Malware | Adware.IBryte.BK | 8.16.02.13.12 |
| ESET NOD32 | Win32/Adware.iBryte.BY application | 10.7.0.302.0 |
| Fortinet FortiGate | W32/Buzus.XLRR!tr | 2/13/2016 |
| F-Prot | W32/S-e4386d47 | v6.4.7.1.166 |
| F-Secure | Adware.IBryte.BK | 11.2016-13-02_7 |
| G Data | Application.Bundler.OptimumInstaller | 16.2.25 |
| IKARUS anti.virus | PUA.Bundler.OptimumInstaller | t3scan.1.8.6.0 |
| K7 AntiVirus | Unwanted-Program | 13.200.15259 |
| Kaspersky | not-a-virus:AdWare.Win32.iBryte | 14.0.0.667 |
| Malwarebytes | PUP.Optional.SwiftBrowse | v2016.02.13.12 |
| MicroWorld eScan | Gen:Variant.Zusy.122546 | 17.0.0.132 |
| NANO AntiVirus | Trojan.Win32.DownLoader12.dnihtg | 0.30.0.65070 |
| Norman | IBryte.URL | 11.20160213 |
| nProtect | Adware.Ibryte.BM | 15.02.03.01 |
| Panda Antivirus | Generic Suspicious | 16.02.13.12 |
| Quick Heal | Adware.iBryte.S4 | 2.16.14.00 |
| Reason Heuristics | PUP.Adknowledge.OverallMedia.Bundler (M) | 16.2.13.12 |
| Rising Antivirus | PE:Malware.iBryte!6.1C13 | 23.00.65.16211 |
| Sophos | PUA 'iBryte Optimum Installer' | 5.12 |
| Total Defense | Win32/Tnega.ULHRQbD | 37.0.11493 |
| Vba32 AntiVirus | | 3.12.26.3 |
| VIPRE Antivirus | Threat.4798837 | 36694 |
| Zillya! Antivirus | Adware.iBryte.Win32.7461 | 2.0.0.2098 |

File size:
420.8 KB (430,904 bytes)

Product version:
3.5.9.2

Copyright:
Copyright (C) Prime Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/15/2014 2:00:00 AM

Valid to:
5/16/2015 1:59:59 AM

Subject:
CN="Overall Media, Inc.", O="Overall Media, Inc.", STREET=855 Village Center Drv, STREET="Suite #336", L=St. Paul, S=MN, PostalCode=55127, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
20CC4646E1A4400DB7FA2D15D1C8F1CB

File PE Metadata
Compilation timestamp:
2/8/2015 10:00:29 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:jyr7k7uTe6HVB1VFgKY2szxr5G4w1lo3pl:4haCT1VFgKzGJhp5l

Entry address:
0x1B8E3

Entry point:
E8, 14, A2, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, 68, 50, B9, 41, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 50, 27, 44, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, 50...
 

Code size:
194 KB (198,656 bytes)
