setup.exe

Setup Downloader

VerifiedInstallation

The application setup.exe by VerifiedInstallation has been detected as adware by 17 anti-malware scanners. During installation, it bundles potentially unwanted software onto the user's computer without adequate consent.
Publisher:
VerifiedInstallation  (signed and verified)

Product:
Setup Downloader

Version:
0.1.0.1

MD5:
a80963851da18da6e468a6861b27c107

SHA-1:
78c6c464a2a9b638008d76213930e1bb0c29b188

SHA-256:
4771d582bc9b01833201b8c7d73f933983250803644b8a52ba03860b6e7f42b7

Scanner detections:
17 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Analysis date:
4/19/2024 8:59:54 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.Agent | 7.1.1
AhnLab V3 Security | PUP/Win32.Generic | 2015.04.17
Avira AntiVirus | TR/Starter.Y | 7.11.30.172
avast! | Win32:Malware-gen | 2014.9-150421
AVG | AdGazelle | 2016.0.3133
Dr.Web | Adware.Downware.11074 | 9.0.1.0123
Emsisoft Anti-Malware | Gen:Variant.Adware.Strictor.85303 | 8.15.06.29.05
ESET NOD32 | Win32/AdGazelle.F potentially unwanted application | 7.0.302.0
F-Prot | W32/S-a6699dba | v6.4.7.1.166
F-Secure | Adware.Eorezo.BZ | 11.2015-03-05_1
IKARUS anti.virus | PUA.AdGazelle | t3scan.1.8.9.0
K7 AntiVirus | Adware | 13.203.15668
Malwarebytes | PUP.Optional.BundleInstaller.A | v2015.06.29.05
NANO AntiVirus | Riskware.Win32.Downware.dqyhzo | 0.30.20.1219
Reason Heuristics | PUP.Installer.AdGazelle | 15.5.3.0
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3
VIPRE Antivirus | Threat.4657539 | 38552

File size:
224.6 KB (229,968 bytes)

Product version:
0.1.0.1

Copyright:
Copyright (C) 2015

Original file name:
downloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
3/3/2015 3:42:42 PM

Valid to:
3/3/2016 3:42:42 PM

Subject:
CN=VerifiedInstallation, O=VerifiedInstallation, L=Las Vegas, S=Nevada, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00AD549677C65B0FD8

File PE Metadata
Compilation timestamp:
4/19/2015 3:24:24 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:OSYMsPix9Vit6QkUNMAKGkuuUe24kmurX6LmsRtkSkU19OAg0FutNXwf:Oh/PiH2YHq4kB6LXtkPUOAOfq

Entry address:
0xF9A0

Entry point:
E8, A7, 9B, 00, 00, E9, 89, FE, FF, FF, FF, 35, 24, 4A, 43, 00, FF, 15, 5C, 70, 42, 00, 85, C0, 74, 02, FF, D0, 6A, 19, E8, FB, 52, 00, 00, 6A, 01, 6A, 00, E8, 5F, 43, 00, 00, 83, C4, 0C, E9, 24, 43, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1...
 

Entropy:
6.6118

Code size:
152 KB (155,648 bytes)
