home

setup.exe

Binarit personal computer peripheral equipment

The application setup.exe by Binarit personal computer peripheral equipment has been detected as adware by 34 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from dlp.cloudsvr313.com and multiple other hosts.
Publisher:
Binarit personal computer peripheral equipment  (signed and verified)

MD5:
cfda2ed4ff0fd7dded5d810870d1ce29

SHA-1:
7e83b3fd57b6c350f44b4c347d080578e1dc8f41

SHA-256:
682bf0ac679a22ebc8f4fea974c11d722978efbfef32108f1a2b3fbd48b42d27

Scanner detections:
34 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Analysis date:
4/18/2024 5:29:33 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.DomaIQ.Q
6217679

Agnitum Outpost
PUA.DomaIQ
7.1.1

AhnLab V3 Security
PUP/Win32.DomaIQ
2014.12.23

Avira AntiVirus
APPL/DomaIQ.Gen
7.11.197.44

avast!
DomaIQ-BF [PUP]
141214-1

AVG
Adware Skodna.Bundle_r.S
2014.0.4189

Bitdefender
Application.Bundler.DomaIQ.Q
1.0.20.1780

Clam AntiVirus
Win.Trojan.Domaiq-11
0.98/21511

Comodo Security
Application.Win32.DomaIQ.KKL
20441

Dr.Web
Trojan.DownLoad3.31551
9.0.1.05190

Emsisoft Anti-Malware
Application.Bundler.DomaIQ.Q
9.0.0.4668

ESET NOD32
Win32/DomaIQ.AZ potentially unwanted application
7.0.302.0

Fortinet FortiGate
Adware/DomaIQ
12/22/2014

F-Prot
W32/DomaIQ.E.gen
v6.4.7.1.166

F-Secure
Riskware.Application.Bundler.DomaIQ
5.13.68

G Data
Application.Bundler.DomaIQ
14.12.24

IKARUS anti.virus
Win32.SuspectCrc
t3scan.1.8.5.0

K7 AntiVirus
Trojan
13.188.14410

Kaspersky
not-a-virus:AdWare.MSIL.DomaIQ
15.0.0.543

Malwarebytes
PUP.Optional.DomaIQ
v2014.12.22.07

McAfee
CryptDomaIQ
5600.6908

Microsoft Security Essentials
Threat.Undefined
1.191.624.0

MicroWorld eScan
Application.Bundler.DomaIQ.Q
15.0.0.1068

NANO AntiVirus
Trojan.Win32.DomaIQ.cssxal
0.28.6.64267

Norman
Application.Bundler.DomaIQ.Q
04.12.2014 14:30:06

nProtect
Trojan-Clicker/W32.Agent.330944
14.12.22.01

Panda Antivirus
Trj/Genetic.gen
14.12.22.07

Quick Heal
Adware.DomaIQ.BT5
12.14.14.00

Reason Heuristics
PUP.Installer.Binaritpersonalcomputerperipheralequipment.F
14.12.22.19

Rising Antivirus
PE:Adware.Graftor!6.14B6
23.00.65.141220

Sophos
PUA 'DomainIQ pay-per install'
5.09

Vba32 AntiVirus
BScope.Downware.DomaIQ
3.12.26.3

VIPRE Antivirus
Threat.4150696
35418

Zillya! Antivirus
Adware.DomaIQ.Win32.83
2.0.0.2013

File size:
323.2 KB (330,944 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
Binarit personal computer peripheral equipment

Authority:
COMODO CA Limited

Valid from:
6/25/2013 7:00:00 PM

Valid to:
6/26/2014 6:59:59 PM

Subject:
CN=Binarit personal computer peripheral equipment, O=Binarit personal computer peripheral equipment, STREET=111 Hashayatim st., L=Ashdod, S=Israel, PostalCode=7744136, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009B1E67A8A40605CE803E9479F9649DE2

File PE Metadata
Compilation timestamp:
1/23/2014 10:53:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:prl8sf608N/cz9GD0mOh3Jhh9Ha24+7YWs:tl8sC08N89StOh4+ds

Entry address:
0x1BBB

Entry point:
E8, 37, 27, 00, 00, E9, 7F, FE, FF, FF, A1, D8, 0D, 41, 00, 56, 6A, 14, 5E, 85, C0, 75, 07, B8, 00, 02, 00, 00, EB, 06, 3B, C6, 7D, 07, 8B, C6, A3, D8, 0D, 41, 00, 6A, 04, 50, E8, C7, 2F, 00, 00, 59, 59, A3, D4, 0D, 41, 00, 85, C0, 75, 1E, 6A, 04, 56, 89, 35, D8, 0D, 41, 00, E8, AE, 2F, 00, 00, 59, 59, A3, D4, 0D, 41, 00, 85, C0, 75, 05, 6A, 1A, 58, 5E, C3, 33, D2, B9, 08, F0, 40, 00, 89, 0C, 02, 83, C1, 20, 8D, 52, 04, 81, F9, 88, F2, 40, 00, 7D, 07, A1, D4, 0D, 41, 00, EB, E8, 33, C0, 5E, C3, E8, D8, 2C...
 
[+]

Entropy:
5.8535

Code size:
33 KB (33,792 bytes)

The file setup.exe has been seen being distributed by the following 2 URLs.

http://dlp.cloudsvr313.com/KTYDhFiS4YA4L0avqMua2fBcJC_41-UMwObfhGMaztFGDOJlV8BA9zvHgqhctmZicS8s8gYmBGukexddH1hpF4X6f6dneHVjoO34-K5XWRy3lCS-Mg2jq2h5yCoSuWpj

http://ttb.lpcloudsvr302.com/download/request/.../IkvnKFuc?__tc=1390749190.972&tgu_src_lp_domain=www.playmediaplayer.com&PubID=487&ClickID=1637--487--1390749288.736&cb=fc5e3a6b54

Remove setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.