setup.exe

Text Editor

Greatelsoft Trading Ltd

The application setup.exe, “Text Editor Setup” by Greatelsoft Trading, has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities as well as other PUPs.
Publisher:
Conversionads, Inc. (signed by Greatelsoft Trading Ltd)

Product:
Text Editor

Description:
Text Editor Setup

Version:
1.2.0.1

MD5:
ca57b88457c2a4f60e4a87af8c3343e9

SHA-1:
8072facf90f46f3c428e9db0131a02e449c57c24

SHA-256:
46015b3b3020b26feebd0a82eeb45389c4fd1125b20be99a6da807512673d201

Scanner detections:
4 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/26/2024 9:58:19 AM UTC

Scan engine        Detection                             Engine version
AVG                Agent.F                               2015.0.3274
ESET NOD32         Win32/OutBrowse                       8.8547
Norman             Suspicious_Gen4.EEULC                 11.20141201
Reason Heuristics  PUP.Installer.GreatelsoftTrading.I    14.12.1.9

File size:
14.9 MB (15,644,848 bytes)

Product version:
1.2

Copyright:
Copyright © 2012-2013 Conversionads.

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/2/2013 3:00:00 AM

Valid to:
7/3/2014 2:59:59 AM

Subject:
CN=Greatelsoft Trading Ltd, O=Greatelsoft Trading Ltd, STREET="Kyriakou Matsi, 3, Roussos Limassol Tower, 6th floor, flat/office 6A, 3040", L=Limassol, S=Limassol, PostalCode=3040, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EFAAE98A631C872ADDE1E300FDF065A2

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:6pmiowby+GYw7UsRnQ2+GDyDlFKNB6bvOJPu9pYDWjqx7RvW:6giowbT5SVQ1GD3YOdmCigdW

Entry address:
0x9C18

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, AE, 94, FF, FF, E8, B5, A6, FF, FF, E8, 44, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, D4, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 9D, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 5A, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...
 

Entropy:
7.9999

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)
