setup.exe

Motoko Group

This adware uses the Crossrider extension platform; it injects advertisements into the web browser and may modify core browser settings. Ads are delivered as banners and contextual text links and may promote other potentially unwanted software. The application setup.exe by Motoko Group has been detected as adware by 7 anti-malware scanners. The program is a setup application built with the Nullsoft Install System installer, and it is typically executed from the user's temporary directory. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Motoko Group  (signed and verified)

Description:
Eczxldm

Version:
9.22.5.23

MD5:
65cd67fb0b9e2a969d89353afd9621e1

SHA-1:
7e07bb70e36956b9d321031979ed79f8a160136a

SHA-256:
055d8a8f35dba4a77b2a11d74c26cb83302dd800069e3226508a2428813aef7e

Scanner detections:
7 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage). Distributed through the Brightcircle investments brand.

Analysis date:
5/9/2024 3:59:02 PM UTC

Scan engine              Detection                             Engine version
AVG                      Generic                               2015.0.3398
IKARUS anti.virus        not-a-virus:WebToolbar.CrossRider     t3scan.1.6.1.0
Kaspersky                Trojan.NSIS.GoogUpdate                14.0.0.3485
Panda Antivirus          Trj/Chgt.C                            14.07.30.12
Reason Heuristics        PUP.Installer.MotokoGroup.F           14.7.29.23
Rising Antivirus         PE:Malware.Obscure!1.9C59             23.00.65.14728
Trend Micro House Call   Suspici.FE9D1764                      7.2.211

File size:
7.7 MB (8,067,576 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/17/2014 8:00:00 PM

Valid to:
7/18/2015 7:59:59 PM

Subject:
CN=Motoko Group, O=Motoko Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AAFC4F8011F7FD7C00748C990950D28A

File PE Metadata
Compilation timestamp:
12/4/2012 8:54:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
196608:bAyOGFzbL0ub444LwhG/8MGleDYDp6xsqh/xiCf:8EkL44wU/e+YMxj/xF

Entry address:
0x4105

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 30, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8B, 3B, 00, 00, A3, 8C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7...

Entropy:
7.9983  (probably packed)

Code size:
34 KB (34,816 bytes)
