» setup.exe
Overview
Analysis
File Details
Downloads (16)

setup.exe

Stepitapp LLC

The application setup.exe by Stepitapp has been detected as adware by 9 anti-malware scanners. The file has been seen being downloaded from www.mydownloadhome.com and multiple other hosts.

File name:

setup.exe

Publisher:

Stepitapp LLC (signed and verified)

MD5:

98ec4676e97b3c6c4e2fe80cada4f289

SHA-1:

618e60264a901f34d08ac5dcd6b9f78955c7957f

SHA-256:

a611369d9f8ca91720b5d2afe7c9cb8720ee3011e15e39c8f54594a2d0a3de66

Scanner detections:

9 / 68

Status:

Adware

Analysis date:

6/26/2025 2:00:31 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Dldr.Agent.216048

7.11.201.138

avast!

Win32:Dropper-gen [Drp]

2014.9-150129

ESET NOD32

Win32/Downloader.Agent.AI (variant)

9.11021

McAfee

Artemis!F4CD8201B97A

5600.6871

Reason Heuristics

PUP.Installer.Stepitapp.F

14.12.22.11

Sophos

Generic PUA OF

4.98

Trend Micro House Call

Suspicious_GEN.F47V1213

7.2.29

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.3

VIPRE Antivirus

Trojan.Win32.Generic

36688

File size:

211 KB (216,048 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\setup.exe

Digital Signature

Signed by:

Stepitapp LLC

Authority:

COMODO CA Limited

Valid from:

12/11/2013 12:00:00 AM

Valid to:

12/11/2014 11:59:59 PM

Subject:

CN=Stepitapp LLC, O=Stepitapp LLC, POBox=1252, STREET=9 W. 31st Street, L=Bayonne, S=New Jersey, PostalCode=07002, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00EA7DEF51F4F715C2C81433CCD6B15766

File PE Metadata

Compilation timestamp:

12/11/2014 10:09:08 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:Dbm6l7b9RZtLiNZsWFel4UDP5i/7VgmpW7+oJ0y8FIPCgHRwa:Db7l7b9zt+No4G5+Vg6W7+oJmIP1n

Entry address:

0x145C1

Entry point:

E8, CA, 6B, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 14, 75, 42, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, A4, 70, 42, 00, C9, C2, 08, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81... 
[+]

Entropy:

6.3972

Code size:

151 KB (154,624 bytes)

The file setup.exe has been seen being distributed by the following 16 URLs.

http://www.mydownloadhome.com/.../2?sub_id=0lr02r7pnvvgJ08Y_ZD-cWr4tvWsWFyIvbmzDo2eE3VFI68Sw-DF-SZJBrW17KYSKFrcIGvIZBeX5dIAEbH1NSy_XWWt9VAUbDEWzlr0CYDc_Xxn5-Or6n0As9ei8ySqNVofCKCt0YdCpvaDlMfC0ZCYK4vxdNCL7y0Ip0ScUu84bKxpEMDF25c9-twEMYkuv5E6dSW43TjwCUz6SqmJgvljh5LqJi48LaKG143y4UDgbjD7laV3Gv-mOyrZvuwKRp1mzPiMFoMkzACtGd-xtN0TRir-2DV8Z2UsdKZYKH6YW8kYncz6HmYRNAlWfN6SuklsQwYEA0wiHOPG2A3RXm-lepAKhC_Y1TSXxjuHSqxxW_uwfxJs5ecP-PSxSukPoyhVTGPmfdUXW6css7Vd3-pgenY-Vg-ObLh7LCPdIJf3UXBVwDvGyWxDhSqqYOqMZHDokXY&pub_id=88&template=lp

http://www.downanapp.com/.../300?sub_id=adk2_UfrB95bjYic7vKs2DTIZ0VSxj99z7u1zW5NbMm6QDLFdYKiLNHbfW7Bkt5H2kztkWv24IJt7QqINrSymOTD8dJgTxylOvZx5UC2aTt_lHNCptElxY_Aj357S7KiuVon9q1UoHXto0fiLqznVzIp3wFdlvQliBmuQ-iGgtzhwMTX6qJsqC3Y4MkD6_3E36Q-4N1cy1UMGuoVrn1MRVpVUQV-tVdqGqoy21s-Pvug_FGzc_3uSifzrZC53-9BClxmb0RtqJmDjUrrdbkZ721zfkw2WrLP5-AMOdlDknsuELLUnIo2BJqyiT-eRR6EAnPJKvxY8krgmyQMCrBXIKPR1kcEdak268xVqFsaC31vuzXwcC-SMMMrUakz4dbnUalK5xtbtXdrWdERIc-xEOY4Tg59i-C2pqx7KXy-UO9Esxw&pub_id=334&template=lp4

http://www.downanapp.com/.../300?sub_id=adk2_5-DUA2ze41BQe5oDsLF0kEjxETzU1Lt5J6gh2LyaZk-jhAXNhrNa1bDQtjWHxa_lxU_o_TVWSUXOO5gLNttuMfO1c7M29jjpFC5OLMbgqjjF9nvr8y8A1yfvn1tuetweiENU7HCzZLNh0l9RSkto3ZZ7ru9-aedR8g5UiaA-18P4SLuv_3Kwxp2XsuMygfL9cACesnBPeL4kGsIZ1PRMG_V70yhpXVHqL66aTdWDhzr94gFlgxlBIrj8uYw9MiXl5dX3EdoqvbUEfWNHZBOES6mCys0QxCWqlg61RhL_jShxb8jDNCMGSnC2XKc6cMepeMv5QXCVlB7HzduLWxOIJvOFNjfVpmPAj7ZgM4TrEyUfrvzGNCSNs5ECcjJgtkPTvt9tm-eUh3eW8lQ4L2eqKc-3CoX1leOWbHjwGWyffo-FV2y4IAloFuqZeKf_aPHi&pub_id=334&template=lp4

http://www.downanapp.com/.../300?sub_id=adk2_Nj3CnGOXGdeP2sHm2eVPlQhsXhQAGrS7T36qF0KfslJcLmQiDDzIUf94WOwRU7Gyh7KNwBX1zVWLxnzQVGRQd-u3l9-zON6PMkiMXhzZRvaNIRpcYSKVcWDQTtJmmhbihm86mex2MJMeNaV2vE_Re_RT22Ah2kYypY1zU0MuZOWG4N8nFbA_saWozYIjmKUh_yylACEOVHQpY9KZuxUQEa-vPp5aAKBHwW60f3mhzN8xDC_d5d90OGrbqhLgrTJLUsNTPxAPJhobGhtupWb_V_mJm5Sh1B3AqfyqOJjdEzY28ysYA1VxPmXRdeqJPgtZD7ZU-8U99n2coAuKl6J5CEkqVGCqNe5yyo3eQSwKpK1OPJzPsnP42P17tD3BC5AjoRwESu4mVxqpCyQ8iIRK_6osnS8wHmAcidUqNPK2To_tJK8G7T4cpgr8WJoibw&pub_id=334&template=lp4

http://www.downanapp.com/.../300?sub_id=adk2_yqikArPsODiJiduiuhuQl3HvwlkCwME0Qdr_xPEP6P6qr-ZKCsPT-7kbqVYc8cwPBQSvS13e8-Yj9fSAVtrCPTJAJCqtErSutFbIbGubJa8bACM7ErMr5KnoAbjX-V_TGSefZmRtUJiEuo97xBpK24FG_yjMXLQAu4sT_J0ihCOQ_tpTV0LVowAltzDpE393egmGYj5jqGyHEQjFVKGY-kTOPdv8aBgJQuLrwvyC6IftwknTaawYS_bg4RkBQuRLZote9A7tZZydYkYOk8D5i3RnfrC0WARiCIvk2Pavb9lrNS-kIqoFbk0-IUQrRQ5tP3zi-d3h4q1te05dtHHY5_8wA4o4TwFiMn1iKR4tPtlIl7ulp5d6c2weAwjPcd2_IRO2-rPjzU_Cn2cmdubxmq8R0HayIjRirdzGHets&pub_id=334&template=lp

http://www.downanapp.com/.../300?sub_id=adk2_mSuGCOSjyiVXWuEnJ073_oWHb23wLzWqgMyu5qFPo2x8Op6RiKOxhQrJNhK-yGldEDFZTbu4zp0A3DxCMgIZK2Tdnw1bkn-1pPOkOFYhGkZA8by11SgXjQ74d1qP2SEeQ_HEpP3qH1Pam8LF433fl7_jzrPDlf_-yzGaq4d4PXWNSBNtUsRdHuA13wgaaZYmfeKoShBRDOYWYTwjg4nIG6LScQCFjzLTSt5RO7ooqLma4jds5uMlWp9N-mh_IQNbOiq6VPrUP4rj3WyxFFNHZQHX7fP_rtBCyXl6yMg2KWsWzm6hKOV6kSOOOpR4k3BWXkvW3GD9F5IJSsPuy7s-OpXBRpUrj74CcX9kiJsSzafZpReo6fJCACQBm84SQNSvN4APDwYWrj9Z1pvOP1wfx6kQG5vEOeS9iAlXSeGOfRLExDsZ4pAPvWNAJFLXexzoqhoAXO9a5pORqKtY292Ghw&pub_id=334&template=lp4

http://www.downanapp.com/.../300?sub_id=adk2_q4Jhw2X2NqXaXPZOlFqqDA5mSxrYof4pf_l8YJQnt2GQP7j697cDZoZU2gXGQCzLnyIUSvwgVroFo6WNzXZu42FWhALU3qD1J2Poh_mw1XonysvrXQDsikcIneklRhFzSoK8l2BH46HQf5WigFH4hMetyKVDM20dZJ2hnitMG-OmZ5tqUlY2Q-xryC3yN0rEURI4FQ7N1bMMgHVZykjcQ4RxygCX9wbj7-XkZUlvERjK9StqwfvEAudIyMvf4DW9TZsvd7x7LfXBPrwgSeRqifHLdwCPO6sIRYFjy1jCyEGfZOjil9ROtOYntOQTFOiPBPLcW0SeQ4qNd955_JKeoZJX-nDQSu1FRo4RnasVoBnfWSa4UH63Wf8pPKD0sM0rNWw-krK7DkmUqF5wcy5XOroCFOdEfTIGOGncFZYq8JfuIbxDyVFg6Pg&pub_id=334&template=lp4

http://www.downanapp.com/.../300?sub_id=adk2_IiLXdIn8lwfbN3oxUG1tqd0Ha7jabUNcPxXSBV07lcqx1VdhICC_eKsUs9bcWVe0QdMCSOPK3_7VVlA82GxIEhyOVPgvWQw7oTtQ5d9B2vGJnJaWqgA3ulBdsFyaGIkohFbV8XRGvcvh-WgSPbMgKFaWK-IUJ5hVh0BanjqRa-1tw9TPbO3o2Wmgc-3W0Br-rBwgBXphcfV4QaJ2qV5nk4YwQSGDblHt7oKw0GL8l9TCsCUOARpQWRId2t23TkIIkx8qgDT-SDoqLcRPjZYkN0WjQHRJOmPh_eCtIxV4dW21e02DH-meiA8nCV9XUWnvDWWqBKGhn7fvuCkhNqva_DGFKqFEtumTNkU5uhDf5ct-doM74_Cxmh2Dsd_VqjVtnygtaJs44zmFJsNweRLV3uygoAaT&pub_id=334&template=lp4

http://www.lpcloudbox326.com/.../Setup.exe

http://www.downanapp.com/.../300?sub_id=adk2_mpmtVq36XgELTwly1fQX_v6AIfERzM79vuTtdrfc7lLldUU7Ded8Glj0uc2yQCazs-usNKsTCv-xAvZwO4jFlG6yzf1HEpcENb5ckrFBjKyEuuULusEZ1Kr5qIxLOJTZGCmcohYi_zGoZYvnKanqWwvl6lIUt5jqlfPoHBEoIKZqELpeb442Jcc1dQB0ilEV5qMbyWGH81Ls5ddNrcxzLXRgAimEgmIXKHbXTBcN-e8W4Dgx9Sb-S1LJTr4nH9fkK97rn3xp5o-cSvVRYkjpZfznkHOUGlJBbSG4usRBruVfB6aLb5hOIfnqNxDELx-zMqoEdQ-YsS54yGSK4YY32cQRdT2JuxHoilPIVoOhb_FgUx_cHpOWydpk1XD-LdmbMTfvBovZLmUnEtLoPVBgzi1P7jinZBGU8AJxBxdY5oWgMbUwGi2aOp8RJ_rzvjfHp-8&pub_id=334&template=lp4

http://www.downanapp.com/.../300?sub_id=adk2_MJXFYV53B2pqNAMw57NwHUSwm-n_wKkrpvz5CAvo4bP0WyvLm-OFuoIFSCx5BAPLYZ0YGozncm1cRouIGNB3nN1U9vnP1vtHafo-hgXcN7IvAks1D-7WsHWmbtjdynglfP4L1hlpAESjPGCTs37oXVFyFHin7RVr0n5hNY0oCpaOny8ZWXBTgWF7kKFxGtkQq5dZ9a76gC68-_Hx0Lw49QbUQPDZNisSP3KuYNkoZAX5VNjJri9Bb5PowKVm4muR-lAvKRo3aAiwzF_hQtrWff_cOgNmhRgZ88LrvLGOCTVXGStRrn6tkqYS20nbNr4KObEZQ70hlXyU-OLLAfmV7nSfO7hIukhkQqlUspEa9YA-FfbqRge4yUfmXN-T48-l43gHXcr1bpfXw4d5TGjXQnkr4F6nRzDPu3KqJ6uY8g3gGu0&pub_id=334&template=lp4

http://www.downanapp.com/.../300?sub_id=adk2_PP9HIxZFDAz6-tPddMcsi5gcwP6qRZlbQ--rzj53lbcMFJJLI5wFhV-7ae7F07PmZZobg6fDKdfjt_xnJpI5JZkxRLMjUl5a4J9RHzH29NkWAesVNcTPspMMNBiJOKarZpW3SxkdtboEN5MXODQd9jaVshX9znbeMjHIwSwfZVu6_N82xSW0cIYXWTKH-8AvuqVDYqnqXRoT6rSRv9W2fQW7iyqDlo8FTW89aOq4CN_8rYQ3i8hj-q7uPlvxo30_wySnHjUEbbDAOEhDHIC57tAZ5gJa1BLzowtdmwZguDOGHvtPNsAdtlxrb2-a5m7tlR0Mmec2jwRTxpebLnMpKPEmxODVeQTP2nAObyY3sCpOrUen60SpbjfpLEydSS77VNYS8s1nDS4zgrY4JdxYp0J9ffRg7OBiq5tY0FNI6EANwxaubscIm8S04Nh-&pub_id=334&template=lp4

http://www.downanapp.com/.../300?sub_id=adk2_bbiIbUIU_atE5ogh-NY_ysuR7WN23Mn9pDDrMSiIT8HPE5sNnstP6bWJA6aFHFsEHt7A9PzrNEmHUtMwqHXVITmQhtKyAU1p_BcqFO6bot2cNKk3pYHqfs6_8Qy3fbwDhaZEiZKf2qdPCXuaQYR2c43nuGbodEFiPOhKevebxMrYeb95n2XKuYlv3A8NzLvjic8z6wxDGLuve3o0bxpO0lSyChZkLaJFvLXWt_1G7Ls1EJkBGUeIoYoLtiU26kRrN5i-6WzEUF43jta4UHcKdrVYiPzAEnN-N514kRI6XIdiUQ2eeYtkQ6eNm9WBnvFRHu5XP5AqXCQ2D7_a84lH-JF3Qoo5SpVHe_oh18Ov8a0g8TldZWHcsWsuYoBSl8osp05BAlSpS_q8v1ISRwKfODMMa-Q5CjOlCvjZQ9-zvnhd5Zh4ftHSMVrbZZz1&pub_id=334&template=lp4

http://www.downanapp.com/.../300?sub_id=adk2_NUA3wKIYLssLjdwfiutHBNcz5eoQZhVGxc00udGjZCyytgD_KVhE1S2TKYbSYr5EhilWpYnIULwkpP7tVL5deinjjpUUDsUiAz25-Hjq4wRM27leutybpfEhabT0_Cp2O0IQw7R0U5-mLutrYzeROBQLbg746ibkYOTkrGI3RsVP9XXzW00mIedps7GpNfnvW-ROC8XTAYw96fB0IW0WPjTqzJl31-j5VzEG2yL5KUdu5rm8xytkX0akr2ZdDxzd-mQhtyNnBdP5V7LGGO0qgi-M7rrGsWDgF0cleo6zhZoDHl9L58fGXhoFFQy5rh5OTBGslf_rv-5D8db42nA1mmhWvazSzb3VBnbF0CtZ67J3_yBAsGlm8wwKpO3cecXbrxjcXGMT35ix55GThy0tVajGj4orU7aUYa8e1paQ_k-05KbKuuslLzP8xlQ3Fw&pub_id=334&template=lp4

http://www.downanapp.com/.../300?sub_id=adk2_8Rl3Aonoyb13mn4KnhGVVfv_ZSiJch7nniGW5xjIRxtoCYSjJIsl-tQpy_IKxeGu3miyruOnLFddsn9cbV8wmfJees3sVU1dzlLIBP1mOubSRVytI_I7rv1uvgfKNuWf0lhrNWiZb2mMIevxEDQwmriozJ9avJdWQIoCYJQvwh0vE1aoQia5nq-dXhuoxhOsh7KhJolyrnzQhqurB1pOSz7dSzdgMSKSpDkMPrXe6KX_48xEDV3sx2jOs_2C-QOOKAowNWkYTDo206ATgBl6Tu3C4tr-npXjeIB4Hp70BvhrUDRUVarjwTBOBk0suobv7BLF_0NEOOML8-WVaPQ-daMffe8tZZVEZKpze3T2vKqNDEne8T0oy6OKRInT00HSIX9Vj4XAjWoWJMFZA3DrDD4318IZ0guHfzAv-A&pub_id=334&template=lp

http://www.downanapp.com/.../300?sub_id=adk2_5y6j1LHcePszXg6QLj6eM37nD0cb22hxLKdJIwTkkUkRgVSHNsf00FBUdSlIv_gPP20kSuRKLRRjhWFbGNDkxNyMd7BTYCUKW9vM7NhTiiwcfN-EMtbSbo4bFANuBEy-s5x00co8NAEjgq2HuI82cxnPdl6GdryosLYfXDg7f5alcBcErHvqOlKyEXSk67O8OFzNxJ2s6ksWjDHFR9fYUVqIKNF5aEXRG3hiQt3y3QxePMDTlGQetGbUgpHpCSOVnFTNM5tKjyQcaRqL_LDE8ZvPlLRLWRF1hIY0u8MsbZAg9wfgLV9kcHRaadUsOn2C-UmP4FMeyvscUcKGiK4J0Y9-CUgrPaNPEhgl_2BKGz3F6WFpnKsJ9Lp7TtKIfxsrMczytIfQ8FEGE7pVmS3ByjNRRyfHKk3kgpzZqS0f4WjLL3VpD1M47hfOyjyrANGsYhJ3PWy4NQyT8z9OAwNJ5LnSYEA&pub_id=334&template=lp4

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.