setup.exe

Volonet Ltd

The application setup.exe, “Powered by InstallCore” by Volonet, has been detected as adware by 3 anti-malware scanners. It is a setup program built on the InstallCore download manager, which may bundle additional offers for various ad-supported toolbars, browser extensions and utilities. The file has been seen being downloaded from i.funmoods.com.
Publisher:
Funmoods  (signed by Volonet Ltd)

Product:
Funmoods

Description:
Powered by InstallCore

Version:
2.0.1.0

MD5:
8321e07fe90b8767ff9e340e03769732

SHA-1:
8e512e5d15fb33790047a5c59034b9f0802812da

SHA-256:
979bd0177d05ed03ecbde3b50cc21411c161c358ca76d853fa4d05e32bea3666

Scanner detections:
3 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/25/2024 12:29:53 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Dr.Web | Adware.InstallCore.15 | 9.0.1.0308 |
| ESET NOD32 | Win32/InstallCore (variant) | 8.6863 |
| Reason Heuristics | PUP.Installer.Volonet.F | 14.11.4.14 |

File size:
593.6 KB (607,832 bytes)

Product version:
2.0.1.73

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/10/2012 10:00:00 PM

Valid to:
11/25/2013 9:59:59 PM

Subject:
CN=Volonet Ltd, O=Volonet Ltd, STREET=hazfira 19, L=Tel Aviv, S=Israel, PostalCode=67778, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D9EB879A7F4ADB713BB56F5D9EA449DA

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:04pecsd5vm0J4wgOS4S4x7c0A01G2yON1DUfkooFrHnaBRQpaT/6k:0Ac5vfCBTp4C0AJ2yONBUforHQT/h

Entry address:
0x144F50

Entry point:
60, BE, 00, 10, 4C, 00, 8D, BE, 00, 00, F4, FF, C7, 87, 10, 87, 0C, 00, 33, 8F, 2E, 10, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
532 KB (544,768 bytes)

The file setup.exe has been seen being distributed by the following URL.
