setup.exe

IronInstall

setup.exe by IronInstall is a setup application built on the installCore download manager, a bundler that may present additional offers (ad-supported toolbars, browser extensions and utilities) during installation. 8 of 68 anti-malware scanners flag it as adware. The file has been seen being downloaded from dhc.freewindowsmediaconverter.com. It carries a code-signing certificate issued by COMODO (see Digital Signature below); a valid signature establishes the publisher's identity, not that the program is benign.
Publisher:
IronInstall  (signed and verified)

MD5:
599f29c5e6af5397de1ae680a010e2b3

SHA-1:
934fba1e0f2d8e18091a89c5278dd54d3d822fb2

SHA-256:
fa09382260995cf19da34d80f1e5c124aaf4ef3f9587c0f6116297b5f3d23ab8

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware or downloadware: a downloader designed to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/19/2024 2:13:38 PM UTC

Scan engine          Detection                          Engine version
Avira AntiVirus      (detection name not listed)        7.11.92.132
avast!               Win32:Installer-I [PUP]            2014.9-130828
Boost by Reason      Adware.Installer.IronInstall.F     2013.8.28.13
ESET NOD32           Win32/InstallCore.BH (variant)     7.8606
K7 AntiVirus         Trojan                             13.170.9100
Reason Heuristics    PUP.Installer.IronInstall.F        14.8.7.18
Sophos               Generic PUA JD                     4.91
VIPRE Antivirus      InstallCore                        19848

File size:
588.2 KB (602,328 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
IronInstall

Authority:
COMODO CA Limited

Valid from:
11/19/2012 4:00:00 PM

Valid to:
11/20/2015 3:59:59 PM

Subject:
CN=IronInstall, O=IronInstall, STREET=63 Rothschild Blvd., L=Tel-Aviv, S=NA, PostalCode=65785, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2DC5BB8E9D823CD0C4F09AE859BBBEAC

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM  (the fixed TimeDateStamp that Delphi-linked executables carry, not a real build date)

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:YdNc3Bx+kGNNPFgI9fEX+MNTsc84RLDzmbRYygxjibuu7sq5U1cwmNZ4t7H2T:CNEMNnN9fEOVc84s2lje7sGU1cdo7H2T

Entry address:
0x12CFF0

Entry point:
60, BE, 00, F0, 49, 00, 8D, BE, 00, 20, F6, FF, C7, 87, 10, 47, 0E, 00, AE, 2F, BA, 3A, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...

Entropy:
7.9185

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.22 (Delphi) stub

Code size:
572 KB (585,728 bytes)
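The metadata above can be re-derived from a sample on an analysis box. The script below is an added example, not code from this report, from Reason Core Security or from IronInstall: it recomputes the three listed hashes, the Shannon entropy, and reads the PE TimeDateStamp and section names so that the fixed Delphi timestamp and the UPX packing can be confirmed on any file. The header produced by build_sample_pe() is constructed for offline testing and is not the real setup.exe; the function names and the 7.0 entropy threshold are this example's own choices.

```python
"""Offline triage helpers for the setup.exe report (added example)."""
import hashlib
import math
import struct

# Hash indicators copied from the report.
REPORT_IOCS = {
    "md5": "599f29c5e6af5397de1ae680a010e2b3",
    "sha1": "934fba1e0f2d8e18091a89c5278dd54d3d822fb2",
    "sha256": "fa09382260995cf19da34d80f1e5c124aaf4ef3f9587c0f6116297b5f3d23ab8",
}
# Delphi 4-7 linkers write this fixed TimeDateStamp (1992-06-19 22:22:17 UTC)
# into every PE they produce, so the report's compilation timestamp is not a build date.
DELPHI_FIXED_STAMP = 0x2A425E19
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 hex digests, the same three the report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """True only when all three digests equal the report's indicators."""
    return file_hashes(data) == REPORT_IOCS


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniform; packed code sits near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_summary(data: bytes) -> dict:
    """Parse the COFF header, entry point RVA and section names of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (_machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                            # 20-byte COFF header
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]    # AddressOfEntryPoint
    sec_table = opt + opt_size
    names = [struct.unpack_from("8s", data, sec_table + 40 * i)[0].rstrip(b"\0")
             for i in range(nsections)]
    return {
        "timestamp": timestamp,
        "delphi_fixed_stamp": timestamp == DELPHI_FIXED_STAMP,
        "entry_rva": entry_rva,
        "sections": names,
        "upx_sections": any(n in UPX_SECTION_NAMES for n in names),
    }


def build_sample_pe(timestamp: int, section_names, entry_rva: int) -> bytes:
    """Constructed minimal PE32 header (DOS stub, COFF, optional header, sections) for tests."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)               # e_lfanew: right after DOS header
    opt_size = 0xE0                                      # standard PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), timestamp, 0, 0,
                       opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)
    sections = b"".join(struct.pack("8s", n) + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


def triage(data: bytes) -> list:
    """Findings in the spirit of the report's PE Metadata block."""
    findings = []
    if matches_report(data):
        findings.append("hashes match the IronInstall setup.exe indicators")
    if shannon_entropy(data) > 7.0:
        findings.append("high entropy: likely packed or encrypted")
    try:
        pe = pe_summary(data)
    except (ValueError, struct.error) as err:
        return findings + [f"not parsed as PE: {err}"]
    if pe["delphi_fixed_stamp"]:
        findings.append("TimeDateStamp is the fixed Delphi value, not a build date")
    if pe["upx_sections"]:
        findings.append("UPX section names present: unpack before static analysis")
    return findings


if __name__ == "__main__":
    sample = build_sample_pe(DELPHI_FIXED_STAMP, [b"UPX0", b"UPX1", b".rsrc"], 0x12CFF0)
    for line in triage(sample):
        print(line)
```

On a real sample replace the constructed header with open(path, "rb").read(); the hash comparison and entropy run over the whole file, while pe_summary only needs the headers. A UPX finding means the entry point bytes and section entropy describe the unpacking stub, not the installCore payload, so unpack (upx -d) before any static analysis of the bundler logic.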

The file setup.exe has been seen being distributed from the following location:
dhc.freewindowsmediaconverter.com

Report powered by Reason Core Security.