setup.exe

DVD Software

Greatelsoft Trading Ltd

The application setup.exe, “DVD Software Setup” by Greatelsoft Trading, has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs.
Publisher:
Conversionads, Inc.   (signed by Greatelsoft Trading Ltd)

Product:
DVD Software

Description:
DVD Software Setup

Version:
1.2.0.1

MD5:
fb3115a77b239de7586be066fd976157

SHA-1:
9335835440a4ed9e506e540975e3604be9951161

SHA-256:
9fdede5bea72058f43bbfee991d07bc5a346f2d99dc74d29d8a30a54df113254

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/19/2024 3:55:33 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Adware-ATG [Adw] | 2014.9-140716 |
| AVG | Agent.F | 2015.0.3411 |
| Dr.Web | Adware.Shopper.341 | 9.0.1.0197 |
| ESET NOD32 | Win32/OutBrowse | 8.8555 |
| Norman | Suspicious_Gen4.EEULC | 11.20140716 |
| Reason Heuristics | PUP.Installer.GreatelsoftTrading.F | 14.7.16.17 |

File size:
13.4 MB (14,065,776 bytes)

Product version:
1.2

Copyright:
Copyright © 2012-2013 Conversionads.

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Swedish (Sweden)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/2/2013 2:00:00 AM

Valid to:
7/3/2014 1:59:59 AM

Subject:
CN=Greatelsoft Trading Ltd, O=Greatelsoft Trading Ltd, STREET="Kyriakou Matsi, 3, Roussos Limassol Tower, 6th floor, flat/office 6A, 3040", L=Limassol, S=Limassol, PostalCode=3040, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EFAAE98A631C872ADDE1E300FDF065A2

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:zXzwi2ew5NQjSl+EEdTWFtE59KfqETjvJ:jzwibw5c5FdTWFa5ZCrJ

Entry address:
0x9C18

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, AE, 94, FF, FF, E8, B5, A6, FF, FF, E8, 44, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, D4, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 9D, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 5A, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)
