home

setup.exe

Interesting Solutions

The software will display additional offers (such as adware) during installation including a browser toolbar/extension as well as advertising injection software (part of the Injekt brand). The application setup.exe by Interesting Solutions has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from e46m3.vanoshield.com.
Publisher:
Interesting Solutions  (signed and verified)

MD5:
81284915a684763c5ba4344dd08edb1a

SHA-1:
50fd5edcce6406be073505742e547533b2577542

SHA-256:
cdae44aa055f20f0d96cee481e769e2585a0faeb724cfebab3c985241d9550b5

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
4/30/2024 4:53:08 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Jatif.98
444

Agnitum Outpost
PUA.PullUpdate
7.1.1

AhnLab V3 Security
PUP/Win32.WebGuard
2015.05.04

avast!
Win32:Adware-gen [Adw]
2014.9-151117

Baidu Antivirus
Adware.MSIL.PullUpdate
4.0.3.151117

Bitdefender
Gen:Variant.Adware.Jatif.98
1.0.20.1605

Bkav FE
W32.HfsAdware
1.3.0.6379

Comodo Security
ApplicUnwnt
21986

Dr.Web
Adware.Yontoo.68
9.0.1.0321

Emsisoft Anti-Malware
Gen:Variant.Adware.Jatif.98
8.15.11.17.02

ESET NOD32
MSIL/Adware.PullUpdate.J.gen (variant)
9.11568

Fortinet FortiGate
Adware/PullUpdate
11/17/2015

F-Secure
Gen:Variant.Adware.Jatif
11.2015-17-11_3

G Data
Gen:Variant.Adware.Jatif.98
15.11.25

K7 AntiVirus
Adware
13.203.15786

McAfee
Artemis!81284915A684
5600.6578

MicroWorld eScan
Gen:Variant.Adware.Jatif.98
16.0.0.963

NANO AntiVirus
Riskware.Nsis.Yontoo.dqgtsc
0.30.24.1357

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Injekt.InterestingSolutions.Installer (M)
15.11.17.14

Sophos
Pull Update
4.98

Trend Micro House Call
Suspicious_GEN.F47V0317
7.2.321

VIPRE Antivirus
Injekt
39902

File size:
4.5 MB (4,741,592 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\o0lultpczu\setup.exe

Digital Signature
Signed by:
Interesting Solutions

Authority:
Symantec Corporation

Valid from:
2/18/2015 6:00:00 PM

Valid to:
4/19/2016 6:59:59 PM

Subject:
CN=Interesting Solutions, O=Interesting Solutions, L=St. James, S=St. James, C=BB

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
65BAC0C20EBC1780150DDA8808B0161A

File PE Metadata
Compilation timestamp:
6/6/2009 4:41:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:2wVt8/dJh7fBd3ppejidqMaRf26UzX8OCKZJW3WwiUP/NNMxt3:2wMddtq016U1C+W3LfP/NNMx9

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9826

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file setup.exe has been seen being distributed by the following URL.

http://e46m3.vanoshield.com/wg/.../Setup.exe

Remove setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.