setup.exe

Shop and Save Up

BadFinger Project (BrightCircle Investments Limited)

This adware is a web browser extension that injects advertising into the browser as unwanted banners and text links, which may lead to malware sites and install unwanted software. The application setup.exe, "Shop and Save Up Installer" by BadFinger Project (BrightCircle Investments Limited), has been detected as adware by 28 anti-malware scanners. The program is a setup application built with the Nullsoft Install System (NSIS). The installer uses the InstallMonetizer platform, which downloads and installs adware toolbars and other potentially unwanted software offers during setup. It is distributed as part of the BrightCircle group of browser extensions.
Publisher:
InstallMonetizer (signed by BadFinger Project (BrightCircle Investments Limited))

Product:
Shop and Save Up

Description:
Shop and Save Up Installer

Version:
1.36.01.22

MD5:
ff6e0c72f451f95b17384a3efb72c12e

SHA-1:
91c84ffe891eac4bf0a887014e88be4ea291ea23

SHA-256:
c241f1e06b6c500b815a817cf84b48de0a1cc3bfd5ea51d63c97c40b30a42759

Scanner detections:
28 / 68

Status:
Adware

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware. Distributed through the BrightCircle Investments brand.

Analysis date:
4/24/2024 6:07:32 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.14818373
523

Agnitum Outpost
Riskware.ScrambleWrapper
7.1.1

AhnLab V3 Security
PUP/Win32.CrossRider
2015.08.18

Avira AntiVirus
ADWARE/Agent.81920.130
8.3.1.6

avast!
Win32:ScrambleWrapper-A [PUP]
2014.9-150830

AVG
AdLoad
2016.0.3001

Bkav FE
W32.HfsAdware
1.3.0.7062

Clam AntiVirus
Win.Trojan.Crossrider-36
0.98/21511

Dr.Web
Trojan.Crossrider1.22993
9.0.1.0242

ESET NOD32
Win32/Toolbar.CrossRider.BM potentially unwanted (variant)
9.12107

Fortinet FortiGate
W32/AppRider
8/30/2015

F-Prot
W32/Adware.ALHD
v6.4.7.1.166

G Data
Win32.Application.Agent.7CJDDA
15.8.25

IKARUS anti.virus
PUA.ScrambleWrapper
t3scan.1.9.5.0

K7 AntiVirus
Unwanted-Program
13.2016911

Kaspersky
not-a-virus:AdWare.NSIS.Adwapper
14.0.0.1501

Malwarebytes
PUP.Optional.ShopAndSave.A
v2015.08.30.08

McAfee
Artemis!27927603258C
5600.6657

MicroWorld eScan
Trojan.Generic.14818373
16.0.0.726

NANO AntiVirus
Trojan.Win32.MLW.dpnylv
0.30.24.3079

Panda Antivirus
PUP/Icinema
15.08.30.08

Qihoo 360 Security
HEUR/QVM20.1.Malware.Gen
1.0.0.1015

Quick Heal
PUA.Badfingerp.Gen
8.15.14.00

Reason Heuristics
Adware.BrightCircle.InstallMonetizer.Installer (M)
15.8.30.20

Rising Antivirus
PE:Malware.Adwapper!6.25A8
23.00.65.15828

Sophos
AppRider (PUA)
4.98

Vba32 AntiVirus
Trojan.GoogUpdate
3.12.26.4

VIPRE Antivirus
Crossrider
42962

File size:
10.2 MB (10,700,416 bytes)

Copyright:
Copyright InstallMonetizer

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\g7293xba\setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/16/2014 7:30:00 PM

Valid to:
11/17/2015 7:29:59 PM

Subject:
CN=BadFinger Project (BrightCircle Investments Limited), O=BadFinger Project (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6623FAFCAC357577A31D90C1E567E9A7

File PE Metadata
Compilation timestamp:
12/4/2012 9:25:11 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
196608:b3qpC6Eo/iLMtOK5JHVYCVbTyGA7qdrtOnsVOGwFOwKcwwaz:jqpXEo5t9DHVYC5r7rmpOwLwX

Entry address:
0x412D

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 73, 45, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 74, 45, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 74, 45, 00, 56, A3, F4, E7, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8B, 3B, 00, 00, A3, 50, E8, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, 74, 45, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7...

Code size:
33.5 KB (34,304 bytes)
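The PE fields listed above (compilation timestamp, OS version, bitness, subsystem, linker version, entry address, entry-point bytes) can be read straight from the PE/COFF headers, and an NSIS installer can be recognised by the "NullsoftInst" first-header magic that makensis writes into the overlay. The script below does both. It is an added example, not code from this page or from Reason Core Security; it parses a minimal PE32 constructed in-line (not the real setup.exe, so its hashes will not match the ones listed), and the header layout follows the public PE/COFF specification. One caveat worth knowing when reading such listings: for an NSIS installer the compilation timestamp and linker version belong to the prebuilt NSIS stub (built with MinGW, hence the GNU ld 2.22 linker version), which is why the timestamp (December 2012) predates the signing certificate's validity period (from November 2014); it does not date when this adware was packaged.

```python
"""Reproduce the "File PE Metadata" fields of a triage listing from raw bytes and
flag an NSIS installer by its first-header magic. Added example, not code from
the page or from Reason Core Security; the input is a constructed PE32 built by
build_sample(), not the real setup.exe, so its hashes differ from those listed."""
import hashlib
import struct
from datetime import datetime, timezone

# NSIS "first header": 0xDEADBEEF little-endian followed by the ASCII tag
NSIS_MAGIC = b"\xef\xbe\xad\xdeNullsoftInst"
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
OPT_HDR_FMT = "<HBB9I6H4I2H6I"   # first 96 bytes of the PE32 optional header
SECT_FMT = "<8sIIIIIIHHI"         # IMAGE_SECTION_HEADER (40 bytes)


def _rva_to_offset(sections, rva):
    """Map a relative virtual address to a file offset via the section table."""
    for va, vsize, rawsize, rawptr in sections:
        if va <= rva < va + max(vsize, rawsize):
            return rva - va + rawptr
    return None


def parse_pe(data: bytes, entry_bytes: int = 16) -> dict:
    """Return the header fields a file-analysis listing shows for a PE file."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    _machine, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    f = struct.unpack_from(OPT_HDR_FMT, data, opt)
    magic, ld_major, ld_minor, code_size, entry_rva = f[0], f[1], f[2], f[3], f[6]
    os_major, os_minor, subsystem = f[12], f[13], f[22]
    sections = []
    for i in range(nsec):
        s = struct.unpack_from(SECT_FMT, data, opt + opt_size + 40 * i)
        # (VirtualAddress, VirtualSize, SizeOfRawData, PointerToRawData)
        sections.append((s[2], s[1], s[3], s[4]))
    off = _rva_to_offset(sections, entry_rva)
    entry = ", ".join(f"{b:02X}" for b in data[off:off + entry_bytes]) if off is not None else "n/a"
    return {
        "compile_time": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "os_version": f"{os_major}.{os_minor}",
        "bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, f"unknown (0x{magic:X})"),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "linker_version": f"{ld_major}.{ld_minor}",
        "entry_address": f"0x{entry_rva:X}",
        "entry_point": entry,
        "code_size": code_size,
        "nsis_installer": NSIS_MAGIC in data,   # stub + NSIS data block in the overlay
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def build_sample() -> bytes:
    """Constructed minimal PE32 mimicking the listed metadata (sample input, not the real file)."""
    ts = int(datetime(2012, 12, 4, 9, 25, 11, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)
    opt = struct.pack(OPT_HDR_FMT,
                      0x10B, 2, 22,              # PE32, linker 2.22 (GNU ld, as in NSIS stubs)
                      0x4000, 0, 0,              # SizeOfCode, initialised, uninitialised data
                      0x412D, 0x1000, 0x5000,    # AddressOfEntryPoint, BaseOfCode, BaseOfData
                      0x400000, 0x1000, 0x200,   # ImageBase, SectionAlignment, FileAlignment
                      4, 0, 0, 0, 4, 0,          # OS 4.0, image 0.0, subsystem 4.0
                      0, 0x6000, 0x400, 0,       # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0,                      # Subsystem = Windows GUI, DllCharacteristics
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * 128                           # 16 empty data directories
    sect = struct.pack(SECT_FMT, b".text", 0x4000, 0x1000, 0x4000, 0x400, 0, 0, 0, 0, 0x60000020)
    body = bytearray(0x400 + 0x4000)
    hdr = dos + coff + opt + sect
    body[:len(hdr)] = hdr
    entry_off = 0x412D - 0x1000 + 0x400
    # first entry-point bytes as shown in the listing (push ebp; mov ebp,esp; ... sub esp,0x1AC)
    body[entry_off:entry_off + 12] = bytes.fromhex("55 89 E5 57 56 53 81 EC AC 01 00 00")
    overlay = b"\0\0\0\0" + NSIS_MAGIC + struct.pack("<II", 0, 0)  # NSIS first header in the overlay
    return bytes(body) + overlay


if __name__ == "__main__":
    for key, value in parse_pe(build_sample()).items():
        print(f"{key}: {value}")
```

To run it against a real sample, replace build_sample() with open(path, "rb").read(); the NSIS check is a cheap triage signal, and the entry-point bytes let you compare a new file against the listing without relying on a full-file hash, which changes with every repackaged offer bundle.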

The file setup.exe has been seen being distributed by the following URL.
