setup.exe

Logic Procedure

This file is published and distributed via Adknowledge's advertising-supported (adware) software installer. The application setup.exe, “Fusion Install” by Logic Procedure, has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. It installs potentially unwanted software on your PC alongside the software you are trying to install, without adequate consent. The file has been seen being downloaded from install.fusioninstall.com and multiple other hosts.
Publisher:
Fusion Install (signed by Logic Procedure)

Product:
Fusion Install

Description:
Fusion Install

Version:
2.4.8.1

MD5:
88883a9bd93c64c0a2d06d862fa16dbc

SHA-1:
82827de56ed62b1d3c9cb90e1a0e80d9ffb8511d

SHA-256:
f1e88ebb0299e30b0c72a1d4eca31ab417bd0e2c422a316b04cea2c32aa9869c

Scanner detections:
9 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, it is not set by default and is usually overlooked.

Analysis date:
4/27/2024 3:19:01 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.Graftor.171872 | 6578507
avast! | Win32:IBryte-KT [PUP] | 150319-0
AVG | Adware AdPlugin.CFH | 2014.0.4257
Dr.Web | Trojan.iBryte.265 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.Graftor.171872 | 9.0.0.4799
ESET NOD32 | Win32/Adware.iBryte.BX application | 7.0.302.0
Kaspersky | not-a-virus:AdWare.Win32.iBryte | 15.0.0.543
Reason Heuristics | PUP.Installer.Adknowledge | 15.3.19.12
VIPRE Antivirus | Threat.4778314 | 38552

File size:
560.9 KB (574,336 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) 2013 Fusion Install

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/23/2014 5:00:00 PM

Valid to:
3/24/2015 4:59:59 PM

Subject:
CN=Logic Procedure, O=Logic Procedure, STREET="4600 Madison Ave, 10th FL", L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
39A92273D8E58C01737CDD1083C77435

File PE Metadata
Compilation timestamp:
1/15/2015 7:00:22 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:n1GWFHIKy2UcJC9Oz/25gbzSEwTCL/dBA7a1zBmnkARHE:n1GyHxQcJiR5gbzSEwmDdwa18HHE

Entry address:
0x251A1

Entry point:
E8, 9E, AD, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 64, 94, 44, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 78, 90, 44, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63...
 

Entropy:
5.7561

Code size:
286 KB (292,864 bytes)

The file setup.exe has been seen being distributed by the following 7 URLs.
