» Setup.exe
Overview
Analysis
File Details
Downloads (1)

Setup.exe

Special Uninstaller

Ideakee Inc

The file Setup.exe, “Special Uninstaller Setup ” by Ideakee Inc has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. This downloadble file is typically blocked through Google's Safe Browsing technology in Chrome web browser. The file has been seen being downloaded from www.specialuninstaller.com.

File name:

Setup.exe

Publisher:

http://www.specialuninstaller.com/ (signed by Ideakee Inc)

Product:

Special Uninstaller

Description:

Special Uninstaller Setup

MD5:

2ee3e690543a3df2ac414c33d89a7fb8

SHA-1:

42bd63af8ebffc5d88614b5793d5984c30ec9b95

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/26/2024 1:16:37 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Ideakee.Installer (M)

16.1.30.6

File size:

3.9 MB (4,096,920 bytes)

Product version:

2.0

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\Documents and Settings\{user}\My documents\downloads\setup.exe

Digital Signature

Signed by:

Ideakee Inc

Authority:

COMODO CA Limited

Valid from:

9/18/2012 9:00:00 PM

Valid to:

9/19/2013 8:59:59 PM

Subject:

CN=Ideakee Inc, O=Ideakee Inc, STREET="1104# Asphodel Pavilion,Hengxiang Garden 18 LIjiangRoad", L=Guilin, S=Guangxi, PostalCode=541004, C=CN

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00BCB072086DF6A3229C9893EE4873CDFA

File PE Metadata

Compilation timestamp:

12/20/2011 12:16:50 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:gZ1q5H7VK0PrC3Ec3GKK6yjYVyLSRNLSJC4tvrf:gZs5H5pGfK6ZoFr

Entry address:

0x16478

Entry point:

55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B0, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 4E, EC, FF, FF, E8, F5, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, AC, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, AC, D6, 41, 00, B2, 01... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

84 KB (86,016 bytes)

The file Setup.exe has been seen being distributed by the following URL.

http://www.specialuninstaller.com/SpecialUninstaller_setup.exe

Remove Setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.