setup.exe

Overall Media, Inc.

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application setup.exe, “Prime Installer” by Overall Media, has been detected as adware by 34 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.

Publisher:
Prime Installer (signed by Overall Media, Inc.)

Product:
Prime Installer

Description:
Prime Installer

Version:
3.5.9.2

MD5:
c20cbd15d3e3709395b39078574ece91

SHA-1:
3fd260aaa6918f8c2463ab2d97160861613a5921

SHA-256:
5e3926077178aafcb540885e6ff5e29dff8b5d24f129eb912ee4483f21d6f49f

Scanner detections:
34 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 8:25:53 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.IBryte.BK | 364 |
| Agnitum Outpost | PUA.iBryte | 7.1.1 |
| AhnLab V3 Security | | 2015.03.14 |
| Avira AntiVirus | Adware/iBryte.bxpj | 7.11.217.28 |
| avast! | Win32:IBryte-KG [PUP] | 2014.9-160206 |
| AVG | Adware AdPlugin | 2017.0.2842 |
| Bitdefender | Application.Bundler.OptimumInstaller.Z | 1.0.20.185 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Trojan.Agent-847729 | 0.98/20194 |
| Comodo Security | Application.Win32.iBryte.BYK | 21402 |
| Dr.Web | Trojan.DownLoader12.15328 | 9.0.1.037 |
| Emsisoft Anti-Malware | Adware.IBryte.BK | 8.16.02.06.05 |
| ESET NOD32 | Win32/Adware.iBryte.BY application | 10.7.0.302.0 |
| Fortinet FortiGate | W32/Buzus.XLRR!tr | 2/6/2016 |
| F-Prot | W32/S-e4386d47 | v6.4.7.1.166 |
| F-Secure | Adware.IBryte.BK | 11.2016-06-02_7 |
| G Data | Application.Bundler.OptimumInstaller | 16.2.25 |
| IKARUS anti.virus | PUA.Bundler.OptimumInstaller | t3scan.1.8.6.0 |
| K7 AntiVirus | Unwanted-Program | 13.200.15259 |
| Kaspersky | not-a-virus:AdWare.Win32.iBryte | 14.0.0.704 |
| Malwarebytes | PUP.Optional.SwiftBrowse | v2016.02.06.05 |
| MicroWorld eScan | Gen:Variant.Zusy.122546 | 17.0.0.111 |
| NANO AntiVirus | Trojan.Win32.DownLoader12.dnihtg | 0.30.0.65070 |
| Norman | IBryte.URL | 11.20160206 |
| nProtect | Adware.Ibryte.BM | 15.02.03.01 |
| Panda Antivirus | Generic Suspicious | 16.02.06.05 |
| Quick Heal | Adware.iBryte.S4 | 2.16.14.00 |
| Reason Heuristics | PUP.Adknowledge.OverallMedia.Bundler (M) | 16.2.6.5 |
| Rising Antivirus | PE:Malware.iBryte!6.1C13 | 23.00.65.16204 |
| Sophos | PUA 'iBryte Optimum Installer' | 5.12 |
| Total Defense | Win32/Tnega.ULHRQbD | 37.0.11493 |
| Vba32 AntiVirus | | 3.12.26.3 |
| VIPRE Antivirus | Threat.4798837 | 36694 |
| Zillya! Antivirus | Adware.iBryte.Win32.7461 | 2.0.0.2098 |

File size:
258.8 KB (265,016 bytes)

Product version:
3.5.9.2

Copyright:
Copyright 2014 (C) Prime Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/14/2014 8:00:00 PM

Valid to:
5/15/2015 7:59:59 PM

Subject:
CN="Overall Media, Inc.", O="Overall Media, Inc.", STREET=855 Village Center Drv, STREET="Suite #336", L=St. Paul, S=MN, PostalCode=55127, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
20CC4646E1A4400DB7FA2D15D1C8F1CB

File PE Metadata
Compilation timestamp:
2/16/2015 8:00:19 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:fNUVMWfi0njiY9Q+Is5HHmCDMDd9C/NdkedYXW3am5ROttDv11cE3HXOyiG:ueWpnjJ5HH5oDq/NdkuGKaCRoc2ORG

Entry address:
0x18FD3

Entry point:
E8, AC, 98, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, 68, 40, 90, 41, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, EC, A5, 43, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, EC...
 

Entropy:
6.5076

Code size:
178 KB (182,272 bytes)
