» setup.exe
Overview
Analysis
File Details
Downloads (1)

setup.exe

The application setup.exe has been detected as a potentially unwanted program by 12 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from i.funmoods.com.

File name:

setup.exe

MD5:

ce8ad435daccf5320c3b7b82796c7bcd

SHA-1:

96a2b5a20f76db9dc85626361d6d7f4d9337c74a

SHA-256:

1d40fcff40f7f7b8373e5a3c460ae505e62570ec92917b81fe86ef0e77dda8e2

Scanner detections:

12 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

4/18/2024 11:55:17 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/InstallCore.Gen

7.11.200.132

Baidu Antivirus

Adware.Win32.InstallCore

4.0.3.15123

Comodo Security

UnclassifiedMalware

20688

Dr.Web

Adware.InstallCore.45

9.0.1.023

ESET NOD32

Win32/InstallCore (variant)

9.11002

Fortinet FortiGate

Riskware/InstallCore

1/23/2015

Malwarebytes

PUP.Funmoods

v2015.01.23.06

NANO AntiVirus

Riskware.Win32.InstallCore.dfnipz

0.30.0.64448

Rising Antivirus

PE:Malware.XPACK-LNR/Heur!1.5594

23.00.65.15121

Sophos

Install Core Installer

4.98

Trend Micro House Call

Suspicious_GEN.F47V1228

7.2.23

Vba32 AntiVirus

Malware-Cryptor.Grygoryi.3

3.12.26.3

File size:

1 MB (1,078,360 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\setup.exe

File PE Metadata

Compilation timestamp:

6/20/1992 10:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:g0zN4AcLUFL3/cU9iJRc5HjFWTaXuc8d57Z8PoL+tTl74:gIT9i2joTa+4gSH8

Entry address:

0xC1C00

Entry point:

55, 8B, EC, 83, C4, F0, B8, 94, B5, 40, 00, E8, 20, DD, FF, FF, 83, C4, F8, 8B, D8, 8B, FB, 8B, 32, 8B, 43, 08, 3B, F0, 72, 6C, 8B, CE, 03, 4A, 04, 8B, E8, 03, 6B, 0C, 3B, CD, 77, 5E, 3B, F0, 75, 1B, 8B, 42, 04, 01, 43, 08, 8B, 42, 04, 29, 43, 0C, 83, 7B, 0C, 00, 75, 44, 8B, C3, E8, 35, FF, FF, FF, EB, 3B, 8B, 0A, 8B, 72, 04, 03, CE, 8B, F8, 03, 7B, 0C, 3B, CF, 75, 05, 29, 73, 0C, EB, 26, 8B, 0A, 03, 4A, 04, 89, 0C, 24, 2B, F9, 89, 7C, 24, 04, 8B, 12, 2B, D0, 89, 53, 0C, 8B, D4, 8B, C3, E8, D0, FE, FF, FF... 
[+]

Entropy:

6.9425

Developed / compiled with:

Microsoft Visual C++

Code size:

788 KB (806,912 bytes)

The file setup.exe has been seen being distributed by the following URL.

http://i.funmoods.com/fm/dpg/.../Setup.exe

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.