» setup.exe
Overview
Analysis
File Details

setup.exe

The application setup.exe has been detected as a potentially unwanted program by 33 anti-malware scanners. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.

File name:

setup.exe

MD5:

4e315e66f3ce843400df37731be06ded

SHA-1:

80fba1219617824764710427e26c237162411b2c

SHA-256:

8f5028126d7ec7a1b5c47a49017db2a35b5eeccdfc35ce5499c422db51fb9226

Scanner detections:

33 / 68

Status:

Potentially unwanted

Explanation:

Uses the Solimba installer to bundle adware offers.

Analysis date:

4/19/2024 11:36:14 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Morstar.B

868

Agnitum Outpost

PUA.Downloader

7.1.1

AhnLab V3 Security

PUP/Win32.Downloader

2014.03.01

Avira AntiVirus

APPL/Bechiro.B

7.11.134.32

avast!

Win32:PUP-gen [PUP]

2014.9-140919

AVG

MalSign.Generic

2015.0.3346

Bitdefender

Application.Morstar.B

1.0.20.1310

Clam AntiVirus

Win.Trojan.Morstar-1

0.98/19168

Comodo Security

Application.Win32.Bechiro.BDC

17865

Dr.Web

Trojan.DownLoader11.3311

9.0.1.0262

ESET NOD32

Win32/FirseriaInstaller (variant)

8.9487

F-Prot

W32/Morstar.C.gen

v6.4.7.1.166

F-Secure

Application.Morstar.B

11.2014-19-09_6

G Data

Application.Morstar

14.9.24

herdProtect (fuzzy)

variant of setup.exe (Adware)

2014.11.30.19

IKARUS anti.virus

Application.Morstar

t3scan.2.2.29

K7 AntiVirus

Unwanted-Program

13.176.11302

Kaspersky

not-a-virus:Downloader.Win32.Morstar

14.0.0.3225

Malwarebytes

PUP.Optional.Rapiddown

v2014.09.19.09

McAfee

Artemis!3F5C1BD5E2A2

5600.7002

MicroWorld eScan

Application.Morstar.B

15.0.0.786

NANO AntiVirus

Trojan.Win32.Morstar.cslwnq

0.28.0.58101

Panda Antivirus

PUP/Fiseria

14.11.30.02

Qihoo 360 Security

HEUR/Malware.QVM18.Gen

1.0.0.1015

Quick Heal

TrojanDownloader.Morstar.O3

9.14.14.00

Reason Heuristics

Threat.Win.Reputation.IMP

14.9.19.21

Rising Antivirus

PE:PUF.FirseriaInstaller@CV!1.9C54

23.00.65.14917

Sophos

Solimba Installer

4.98

SUPERAntiSpyware

Trojan.Agent/Gen-Nullo[Short]

10349

Trend Micro

TROJ_VARNEP.UB14

10.465.30

Vba32 AntiVirus

Downware.Morstar

3.12.24.3

VIPRE Antivirus

Trojan.Win32.Generic

26960

Zillya! Antivirus

Downloader.Morstar.Win32.1

2.0.0.1777

File size:

171.3 KB (175,416 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\setup.exe

File PE Metadata

Compilation timestamp:

12/30/2013 10:43:44 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:4fwFBn/RRVtCkR495OpHOMnKEUJVBz20OW4Y/T8tEY:4YFBn/RRVtCcVHrnwJVBztr4

Entry address:

0x60117

Entry point:

60, E8, 00, 00, 00, 00, 58, 05, 5A, 0B, 00, 00, 8B, 30, 03, F0, 2B, C0, 8B, FE, 66, AD, C1, E0, 0C, 8B, C8, 50, AD, 2B, C8, 03, F1, 8B, C8, 57, 51, 49, 8A, 44, 39, 06, 88, 04, 31, 75, F6, 2B, C0, AC, 8B, C8, 80, E1, F0, 24, 0F, C1, E1, 0C, 8A, E8, AC, 0B, C8, 51, 02, CD, BD, 00, FD, FF, FF, D3, E5, 59, 58, 8B, DC, 8D, A4, 6C, 90, F1, FF, FF, 51, 2B, C9, 51, 51, 8B, CC, 51, 66, 8B, 17, C1, E2, 0C, 52, 57, 83, C1, 04, 51, 50, 83, C1, 04, 56, 51, E8, 5E, 00, 00, 00, 8B, E3, 5E, 5A, 2B, C0, 89, 04, 32, B4, 10... 
[+]

Entropy:

7.8923

Packer / compiler:

ASPack v1.08.04

Code size:

100.5 KB (102,912 bytes)

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.