setup.exe

Conversionads

The application setup.exe by Conversionads has been detected as adware by 12 anti-malware scanners. It uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen downloaded from moozymusic.com and multiple other hosts.
Remove setup.exe - Powered by Reason Core Security
Publisher: Conversionads (signed and verified)
MD5: 5f0ead129a19b089e5fae498c6ce450a
SHA-1: 55be76f80e4aa1057b5eee408b00dda6a8879d54
SHA-256: 1e30ef7eb0ef69e0185b32d46f307dd382974c8136265b4c30325604be8e9cfb
Scanner detections: 12 / 68
Status: Adware
Explanation: Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.
Analysis date: 12/5/2016 1:30:29 AM UTC (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | | 7.11.119.96 |
| AVG | Agent.F | 2015.0.3448 |
| Dr.Web | Adware.InstallCore.55 | 9.0.1.0161 |
| ESET NOD32 | Win32/InstallCore.AT (variant) | 8.9165 |
| Fortinet FortiGate | Adware/Fam.NB | 6/10/2014 |
| F-Prot | W32/InstallCore.V2.gen | v6.4.7.1.166 |
| K7 AntiVirus | Unwanted-Program | 13.174.10498 |
| Malwarebytes | | v2014.06.10.09 |
| Reason Heuristics | PUP.Installer.Conversionads.F | 14.8.7.23 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.14608 |
| Sophos | Conversion Ads | 4.95 |
| Vba32 AntiVirus | BScope.Malware-Cryptor.InstallCore.2691 | 3.12.24.3 |

File size: 1.1 MB (1,113,680 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\downloads\setup.exe

Digital Signature

Signed by:
Authority: COMODO CA Limited
Valid from: 5/30/2012 2:00:00 AM
Valid to: 5/31/2013 1:59:59 AM
Subject: CN=Conversionads, O=Conversionads, STREET=Am Weinberg 5, L=Neubeuern, S=Neubeuern, PostalCode=83115, C=DE
Issuer: CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Serial number: 00F87F8F45F7BF3EBF80C41AFC59A6916A

File PE Metadata

Compilation timestamp: 6/20/1992 12:22:17 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 2.25
CTPH (ssdeep): 24576:4yCzguHt3FbmBerz4wag8uNbrVbscFE3nW:4yCLt3gvwnvrxscJ
Entry address: 0xCEAC0
Entry point: 55, 8B, EC, 83, C4, F0, B8, B8, F4, 41, 00, E8, 8E, FA, FF, FF, 0C, 3B, C1, 72, 16, 8B, 12, 81, FA, 20, 76, 47, 00, 75, E8, C7, 05, C0, 75, 47, 00, 03, 00, 00, 00, 33, D2, 8B, C2, C3, 90, 53, 8B, CA, 83, E9, 04, 8D, 1C, 01, 83, FA, 10, 7C, 0F, C7, 03, 07, 00, 00, 80, 8B, D1, E8, B9, 01, 00, 00, 5B, C3, 83, FA, 04, 7C, 0C, 8B, CA, 81, C9, 02, 00, 00, 80, 89, 08, 89, 0B, 5B, C3, FF, 05, B0, 75, 47, 00, 8B, D0, 83, EA, 04, 8B, 12, 81, E2, FC, FF, FF, 7F, 83, EA, 04, 01, 15, B4, 75, 47, 00, E8, F3, 05, 00, 00...
 

Entropy: 6.9357
Developed / compiled with: Microsoft Visual C++
Code size: 841 KB (861,184 bytes)

The file setup.exe has been seen being distributed by the following 2 URLs.
