» setup.exe
Overview
Analysis
File Details
Downloads (42)
Network (3)

setup.exe

Installer

Stepitapp LLC

The application setup.exe by Stepitapp has been detected as adware by 12 anti-malware scanners. The file has been seen being downloaded from nym1.ib.adnxs.com and multiple other hosts. While running, it connects to the Internet address www.ibbalance.com on port 443.

File name:

setup.exe

Publisher:

Stepitapp LLC (signed and verified)

Product:

Installer

Version:

1.0.0.0

MD5:

a54e7992aa83b9c9fa3d979b2bdcddbc

SHA-1:

9f46fdcbc24d5a3b54485459455149d52d183b94

SHA-256:

688aa43789ec94880eebcd5becbad10a41537f5af559bc5036af03805877fec2

Scanner detections:

12 / 68

Status:

Adware

Explanation:

Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:

4/25/2024 1:57:31 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Dropper-gen [Drp]

2014.9-140803

Fortinet FortiGate

Riskware/Agent

8/3/2014

G Data

Win32.Trojan.Agent.4P134N

14.8.24

herdProtect (fuzzy)

variant of setup(3).exe (Adware)

2014.9.11.21

Kaspersky

not-a-virus:Downloader.Win32.Agent

14.0.0.3462

McAfee

Artemis!EC6559E3952C

5600.7049

Panda Antivirus

Trj/Chgt.C

14.08.03.03

Qihoo 360 Security

HEUR/Malware.QVM03.Gen

1.0.0.1015

Reason Heuristics

PUP.Installer.Stepitapp.F

14.8.3.15

Trend Micro House Call

Suspicious_GEN.F47V0630

7.2.215

Vba32 AntiVirus

Downloader.Agent

3.12.26.3

VIPRE Antivirus

Conduit

31858

File size:

400.4 KB (410,032 bytes)

Product version:

1.0.0.0

Original file name:

FinalInstaller.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\setup.exe

Digital Signature

Signed by:

Stepitapp LLC

Authority:

COMODO CA Limited

Valid from:

12/10/2013 7:00:00 PM

Valid to:

12/11/2014 6:59:59 PM

Subject:

CN=Stepitapp LLC, O=Stepitapp LLC, POBox=1252, STREET=9 W. 31st Street, L=Bayonne, S=New Jersey, PostalCode=07002, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00EA7DEF51F4F715C2C81433CCD6B15766

File PE Metadata

Compilation timestamp:

8/1/2014 2:55:12 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:/3Vo/bClibqI59PpOPf201/z7pHmJI9ftR0l9h7eH:9o/elibqI59Pk2cb7pHmJ0ftR0l/eH

Entry address:

0x621FE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.1819

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

385 KB (394,240 bytes)

The file setup.exe has been seen being distributed by the following 42 URLs.

http://nym1.ib.adnxs.com/click?21ZUgoIRxj_nOo20VN7CP5qZmZmZmbk_1e-P-K8Pwz_2LvyYPEvGP0sFItwdtLINK9hFawArbgS4uN9TAAAAALdVKQBfAAAAdgIAAAIAAABN7vUAsmkGAAAAAQBVU0QAVVNEANgCWgBuZwAAm7QAAgUAAQIAAJAADSm1WgAAAAA./cnd=!_gbhQgim5vsBEM3c1wcYstMZIAA./referrer=http://us.levi.com/search/index.jsp?view=all/clickenc=http://.../st?cipid=892000&ttype=1&crid=1602718&dast=Ym89MiZjaXBpZD04OTIwMDAmY2lzaWQ9N0E1MUQ5MUFDMTMyNTUyNTE0NDgzNzAzODMmY2lyaWQ9N0E1MUQ5MUFDMTMyNTUyNjY1NDQ4MDM5NiZzbGlkPTAmc3ViaWQ9NTAwMTUwNDIyNTIwMDAwMDAwJmNpdWlkPTc4NjEwNTMyNzk2MTQ1MzY2MDAmc289MiZjcmlkPTE2MDI3MTgmZXhjaWQ9MjImbW10PS0xJmNudHJ5PTIyNyZjaWNtcD0yOTU1NDgmcHViaWQ9NjE5MDg=&cmcv=${CMCV}&tgtf=http://www.mydownloadhome.com/download/201?pub_id=90&sub_id=nym1CKuwl9qG4Iq3BBACGMuKiOHdg63ZDSIPMTYyLjI1My4xNzIuMTk0KAEwuPH-ngU.&tag=2708919

http://nym1.ib.adnxs.com/click?hsTFx1kB5j-GxMXHWQHmP1CNl24Sg9A_hsTFx1kB5j-GxMXHWQHmP3aVLd7PsWx-pc4RnOsYFn80Zu1TAAAAAJf7KAB2AgAAdgIAAAIAAABA7_UAllsGAAAAAQBVU0QAVVNEACwB-gDIDwAAFeYAAgQAAQIAAJAAHypdtgAAAAA./cnd=!xAbGQQit5PsBEMDe1wcYlrcZIAQ./referrer=http://www.vdokhmer.com/watch/town-production/town-vcd-vol-43-07-min-kit-yur-any-zam-video-185142.html/clickenc=http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=nym1CKWdx-C5nYaLfxACGPaqtvH9uay2fiINNzMuMTY3LjEyMi43OSgBMLTMtZ8F&tag=2685847

http://nym1.ib.adnxs.com/click?ct2WuoIf6j8KQtRDoq7lP6JFtvP91AVACkLUQ6Ku5T9y3Za6gh_qPyC6SOQct2ZmAvPv-frxgyLYBApUAAAAABTOMgCTBwAAdgIAAAIAAADrIRwBCmEHAAAAAQBVU0QAVVNEACwB-gDnOgAAyqQAAgUAAQIAAJQAYyn-hwAAAAA./cnd=!pQakPwi027QCEOvD8AgYisIdIAA./referrer=http://countrymusicnation.com/newcomer-derek-anthony-pays-tribute-to-king-george-with-new-song-50642/clickenc=http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=nym1CILmv8-vv_zBIhACGKD0oqLO462zZiIOMjA5LjIxMy4xOS4yMjkoATDYiaigBQ..&tag=3329556

http://lax1.ib.adnxs.com/click?Ar4BajCrREACvgFqMKtEQAAAAAAAgEhAAr4BajCrREACvgFqMKtEQFmf5LysZv8Rc8gLL1gzWl1l4ftTAAAAABEsIgB2AgAAdgIAAAIAAABN7vUAuIYFAAAAAQBVU0QAVVNEANgCWgABYQAAvd0AAgQAAQIAAIwAmB9uSAAAAAA./cnd=!Ogb4OgiW3o0CEM3c1wcYuI0WIAQ./referrer=http://www.download366.com/internet-explorer-10-for-windows-7/thanks/clickenc=http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=lax1CPOQr_iC64ytXRACGNm-kufL1dn_ESIMNjguMTAyLjUuMTc2KAEw5cLvnwU.&tag=2239505

http://lax1.ib.adnxs.com/click?3D66gfBGqT_cPrqB8EapP9nO91Pjpbs_3D66gfBGqT_cPrqB8EapP9cuSs1xzI9uC1XB5qlUkTbCOv1TAAAAACg_KAB2AgAAdgIAAAIAAABN7vUADSYFAAAAAQBVU0QAVVNEANgCWgAW6wAAUL8AAgQAAQIAAI4ASivZbwAAAAA./cnd=!wwYxQQia5PsBEM3c1wcYjcwUIAQ./referrer=lax1.ib.adnxs.com/clickenc=http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=lax1CIuqhbaeldXINhACGNfdqOqcjvPHbiINNzMuMTY2LjM0LjEwMigBMML19J8F&tag=2637608

http://lax1.ib.adnxs.com/click?Ed9BfAfxvT-amZmZmZm5P5qZmZmZmbk_YTOCr9rlwj9zhR0eTxrGPwcanpWufm5L-vN2uhkr33V3y99TAAAAALdVKQBfAAAAdgIAAAIAAABN7vUAsmkGAAAAAQBVU0QAVVNEANgCWgBuZwAAxK0AAgUAAQIAAJAAlCnnTgAAAAA./cnd=!_gbhQgim5vsBEM3c1wcYstMZIAA./referrer=http://jqp.toolspre.net/sd/dw32.html?u=http://ugo.tractionize.com/WhiteLabelBidRequestHandlerServlet?oid=1&width=1&height=100&pubid=1700&tagid=1049&noaop=1&revmod=CRD&cb=cybabw&encoded=1&cirf=http://congratulations-you-won.claimprizenow.com/us/j/440/1212.html&pstn=17001049/clickenc=http://.../st?cipid=892000&ttype=1&crid=1602718&dast=Ym89MiZzbGlkPTAmc3ViaWQ9MjAwMTE3MTIyNTE1MDAwMDAwJnNvPTImY2ljbXA9Mjk1NTQ4JnB1YmlkPTUyODAwJmNpcGlkPTg5MjAwMCZjaXNpZD1FMzM1QTgyMTQxMzQ1NDc5MTYwNTIxNTE1MCZjaXJpZD1FMzM1QTgyMTQxMzQ1NDgwMTMwOTM5MzM2MSZjaXVpZD02NTg1MDQxMzkyNTY5MzA3MzEzJmNyaWQ9MTYwMjcxOCZleGNpZD0yMiZtbXQ9LTEmY250cnk9MjI3&cmcv=${CMCV}&tgtf=http://www.mydownloadhome.com/download/201?pub_id=90&sub_id=lax1CPrn29Ob48rvdRACGI

http://lax1.ib.adnxs.com/click?CW80dX7t-T-F61G4HoX1P4XrUbgehfU_hmL_fEND9z-LleYzBAf8P-ECvZAW-HE9379tvcKrvyLoUPdTAAAAAB_OMgCTBwAAdgIAAAIAAADrIRwBhWwHAAAAAQBVU0QAVVNEACwB-gDOcAAAi60AAgUAAQIAAJQA7ylbhQAAAAA./cnd=!uwYZQAij-6kCEOvD8AgYhdkdIAA./referrer=http://www.indeed.com/jobs?q=data entry/clickenc=http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=lax1CN__tuur-OrfIhACGOGF9IXpgv64PSILOTkuNjYuMi4xNDIoATDood2fBQ..&tag=3329567

http://nym1.ib.adnxs.com/click?H7GsTgiP2D8Ksaqpaf_UP9nO91PjpeM_CrGqqWn_1D8gsaxOCI_YPyA4ZpznXJI3K8UBbYkjgy0ZIOxTAAAAAKihMgBfAAAAdgIAAAIAAABX7vUACmYGAAAAAQBVU0QAVVNEACwB-gCLLwAAzdQAAgUAAQIAAJQANCjZGwAAAAA./cnd=!2QZhQgim5vsBENfc1wcYiswZIAA./referrer=http://ib.adnxs.com/tt?id=3318184&size=300x250/clickenc=http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=nym1CKuKh-iW8cjBLRACGKDwmOP5nJfJNyIONzEuMTk5LjEzNi4xNTYoATCZwLCfBQ..&tag=3318184

http://nym1.ib.adnxs.com/click?NvxdnW8ltT88owoUOKixP8uhRbbz_bQ_PKMKFDiosT81_F2dbyW1P0av4GixT04LgJ3p1MuayhFV8AlUAAAAAGImLgDIAQAAdgIAAAIAAADrIRwBc5kFAAAAAQBVU0QAVVNEACwB-gClXQAAc8cAAgUAAQIAAJIAqSa_XAAAAAA./cnd=!5gZdQAij27QCEOvD8AgY87IWIAA./referrer=ib.adnxs.com/clickenc=http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=nym1CIC7pqe92ablERACGMbegseW9pOnCyIMOTkuODkuMTIyLjk0KAEw1eCnoAU.&tag=3024482

http://nym1.ib.adnxs.com/click?VZK30K4h9T8t2KxqCYrxP4XrUbgehfc_LdisagmK8T9VkrfQriH1P1EdmfX-uxoQap6xDypxO0fbH_lTAAAAAB_OMgCTBwAAdgIAAAIAAADrIRwBhWwHAAAAAQBVU0QAVVNEACwB-gDOcAAAbOYAAgUAAQIAAJQAfShGKQAAAAA./cnd=!uwYZQAij-6kCEOvD8AgYhdkdIAA./referrer=http://thankyou.postdownload.net/thankyou1.php?pd=1/clickenc=http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=nym1COq8xv2gpdydRxACGNG65Kzv_66NECILMjQuMTMuMzAuNDUoATDbv-SfBQ..&tag=3329567

http://nym1.ib.adnxs.com/click?Y_VMiFtS9T_AednPb7LxP4XrUbgehfc_wHnZz2-y8T9j9UyIW1L1P4d6XezUF6YlMG05zyqleSU3svhTAAAAAB_OMgCTBwAAdgIAAAIAAADrIRwBhWwHAAAAAQBVU0QAVVNEACwB-gDOcAAAebEAAgUAAQIAAJQAcSrvBQAAAAA./cnd=!uwYZQAij-6kCEOvD8AgYhdkdIAA./referrer=http://www.rpzdesigns.com/portfolio.html/clickenc=http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=nym1CLDa5fmspem8JRACGIf19eLO-oXTJSIMOTkuNjUuNDQuMjE2KAEwt-TinwU.&tag=3329567

http://ttb.newallsoft.com/download/request/.../oia9vKEN?PubID=79_1731_4231&ClickID=6695908896

http://nym1.ib.adnxs.com/click?AAAAAAAA8D-QwvUoXI_qPxSuR-F6FPw_kML1KFyP6j8AAAAAAADwP1BQDzQTDDYftCUuXmWKNm-invxTAAAAAB_OMgCTBwAAdgIAAAIAAADrIRwBhWwHAAAAAQBVU0QAVVNEACwB-gDOcAAAN6YAAgUAAQIAAJQABCCD4gAAAAA./cnd=!uwYZQAij-6kCEOvD8AgYhdkdIAA./referrer=http://www.bradfordexchangechecks.com//clickenc=http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=nym1CLTLuPHVzKKbbxACGNCgvaCzgoObHyIMNjguNTIuMTIzLjcwKAEwor3ynwU.&tag=3329567

http://nym1.ib.adnxs.com/click?3h6iAK0Y1j9GQ0Eng9TNP0w3iUFg5eA_RkNBJ4PUzT_fHqIArRjWPxlGyfsKxAcqkUNpeog_22mLGfJTAAAAAM-2MgAdAgAAdgIAAAIAAABN7vUANr0CAAAAAQBVU0QAVVNEANgCWgCxPwAAfqkAAgUAAQIAAJQATyUergAAAAA./cnd=!CAcLQwj50qkCEM3c1wcYtvoKIAA./referrer=http://www.edline.net/pages/Wahconah_Regional_High_School/clickenc=http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=nym1CJGHpdOH8c_taRACGJmMpd6vgfGDKiINNjcuMjUyLjM5LjE1NCgBMIuzyJ8F&tag=3323599

http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=nym1CKb5ptj6xv61SRACGLy31L3f6dWVViIOOTguMjM5LjIzNS4xMDAoATCz1vOeBQ..&tag=3189460

http://nym1.ib.adnxs.com/click?wxsICyHP1D-KxbiPbJXRPwAAAAAAAPA_isW4j2yV0T_DGwgLIc_UP7wbtfdNVytWprwJqzf6a0kz69xTAAAAANSqMAA_AQAAdgIAAAIAAADJTwQBHvEGAAAAAQBVU0QAVVNEAKAAWAKvFgAA8scAAgUAAQIAAJQA3yQ0hQAAAAA./cnd=!EQZGOQjCzJMCEMmfkQgYnuIbIAE./referrer=www.netflix.com/clickenc=http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=nym1CKb5ptj6xv61SRACGLy31L3f6dWVViIOOTguMjM5LjIzNS4xMDAoATCz1vOeBQ..&tag=3189460

http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=nym1CI_P5ZnWxtfOKxACGLSF0NuDwqmBWiIMNzEuMjM1LjI3LjY3KAEwz4GSoAU.&tag=2637608

http://nym1.ib.adnxs.com/click?n5SfMZbyrT-flJ8xlvKtPylcj8L1KLw_n5SfMZbyrT-flJ8xlvKtP7QCdDsQpgJaj2c5YzVenSvPgARUAAAAACg_KAB2AgAAdgIAAAIAAABN7vUADSYFAAAAAQBVU0QAVVNEANgCWgAW6wAAZOYAAgQAAQIAAI4AriY1wwAAAAA./cnd=!wwYxQQia5PsBEM3c1wcYjcwUIAQ./referrer=nym1.ib.adnxs.com/clickenc=http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=nym1CI_P5ZnWxtfOKxACGLSF0NuDwqmBWiIMNzEuMjM1LjI3LjY3KAEwz4GSoAU.&tag=2637608

http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=lax1CJLSgKLmxKvhNxACGPr5g6Cpjb3CZSIONTAuMTc0LjE2Mi4xMjEoATD9vq2gBQ..&tag=3329556

http://lax1.ib.adnxs.com/click?tGESvSq-7j9qibASPYTpPyUGgZVDiwRAaomwEj2E6T-1YRK9Kr7uP_r8AJRq9IRlEilAZCauwjd9XwtUAAAAABTOMgCTBwAAdgIAAAIAAADrIRwBCmEHAAAAAQBVU0QAVVNEACwB-gDnOgAA4dwAAgUAAQIAAJQAeiSSkAAAAAA./cnd=!pQakPwi027QCEOvD8AgYisIdIAA./referrer=http://www.japantravelinfo.com/stopover2013//clickenc=http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=lax1CJLSgKLmxKvhNxACGPr5g6Cpjb3CZSIONTAuMTc0LjE2Mi4xMjEoATD9vq2gBQ..&tag=3329556

http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=nym1CLn1g-qVns27AhACGPGqvMDv89KeRSIMMTczLjIyLjg4LjQ4KAEw_JStoAU.&tag=3024482

https://secure-nym.adnxs.com/click?TcaKLlbUsT_YEiA0ccatP3sUrkfherQ_2BIgNHHGrT9NxoouVtSxP3EVD_ieSz1FufpAXfE0dwJ8SgtUAAAAAGImLgDIAQAAdgIAAAIAAADrIRwBc5kFAAAAAQBVU0QAVVNEACwB-gClXQAAU-MAAgUAAQIAAJIAcSResQAAAAA./cnd=!5gZdQAij27QCEOvD8AgY87IWIAA./referrer=www.callfire.com/clickenc=http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=nym1CLn1g-qVns27AhACGPGqvMDv89KeRSIMMTczLjIyLjg4LjQ4KAEw_JStoAU.&tag=3024482

http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=nym1CNPklqHHy_C2AxACGMOG3MahyvOrfiIMNTAuMTU0LjM0LjUwKAEwi4iAnwU.&tag=3198959

https://secure-nym.adnxs.com/click?exSuR-F6hD9YObTIdr5_PwAAAAAAAPA_WDm0yHa-fz97FK5H4XqEP0MD1xhSzld-U7IldFzCbQMLBOBTAAAAAO_PMAByBwAAdgIAAAIAAABN7vUA2vgGAAAAAQBVU0QAVVNEANgCWgCNJAAAsKUAAgUAAQIAAJQApCRaQAAAAAA./cnd=!QAfMQwif5_sBEM3c1wcY2vEbIAA./referrer=www.att.com/clickenc=http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=nym1CNPklqHHy_C2AxACGMOG3MahyvOrfiIMNTAuMTU0LjM0LjUwKAEwi4iAnwU.&tag=3198959

http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=nym1CNq1yIOVvfaCPhACGKWS1rCNtIyOXCIKMjQuMzAuNTUuNCgBMNXzsKAF&tag=3412229

http://nym1.ib.adnxs.com/click?LmrHwOSQ1D9I_LzG1WDRP1K4HoXrUeg_SPy8xtVg0T8uasfA5JDUPyWJFdagMRxc2hpyUOnZBT7VOQxUAAAAAAURNAA_AQAAdgIAAAIAAADrIRwB2UkHAAAAAQBVU0QAVVNEACwB-gB9rQAAIM8AAgUAAQIAAJQAiyhmnQAAAAA./cnd=!1gZyQQjI1bcCEOvD8AgY2ZMdIAA./referrer=www.bestapp120.com/clickenc=http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=nym1CNq1yIOVvfaCPhACGKWS1rCNtIyOXCIKMjQuMzAuNTUuNCgBMNXzsKAF&tag=3412229

http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=ams1CPX_z7W3yYPNFxACGP_D1obegteSISIOODEuMTU5LjE2My4xODMoATD986WgBQ..&tag=3144708

https://secure-ams.adnxs.com/click?mP7cz8le9D-Y_tzPyV70P4_C9Shcj_I_mP7cz8le9D-Y_tzPyV70P_-h1eAVXCUh9f-zdksOmhf9eQlUAAAAAAT8LwB2AgAAdgIAAAIAAABN7vUAJPwGAAAAAQBVU0QAVVNEANgCWgARWgAAHNMAAgQAAQIAAJIAdi-gMAAAAAA./cnd=!VAeSRgjh5PsBEM3c1wcYpPgbIAQ./referrer=http://delivery.us.myswitchads.com/adserver/hat.php?instances[0][instance_id]=0&instances[0][zone_id]=7104&instances[0][token]=T_XywV1l7yRx&l=2XgGFlLkNT&bw=728&bh=90&loc=http://computers.playblasteroids.com/.../ad-728-c.html?ac=1001&ccg=de38b4a8df5d460d992169a261580701&ns=BLST&pid=153291&ccv=1002007031&hu=http://www.apple.com/&me=NA&cv=71&inc=1&cc=GB&load=1&epk=32d31532af6ec59715623548157b9830&as=adshostiso&tzo=-60&referer=http://computers.playblasteroids.com/.../ad-728-c.html?ac=1001&ccg=d

http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=lax1CIroxvmj2ri2GBACGPntqJ-I3ZzkQyIMNzEuMTM2LjMzLjM1KAEwwtqpoAU.&tag=3412229

http://lax1.ib.adnxs.com/click?pmO3w_P9tD9I4kxX_byxP0Jg5dAi2-k_SOJMV_28sT-lY7fD8_20P_k26oPocshDCrQxP9LibBhCbQpUAAAAAAURNAA_AQAAdgIAAAIAAAACIhwBM3gHAAAAAQBVU0QAVVNEACwB-gB9rQAAFsUAAgUAAQIAAJQAQilGKgAAAAA./cnd=!cwZsOwjCzJMCEILE8AgYs_AdIAE./referrer=updownloaads.com/clickenc=http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=lax1CIroxvmj2ri2GBACGPntqJ-I3ZzkQyIMNzEuMTM2LjMzLjM1KAEwwtqpoAU.&tag=3412229

Latest 30 of 42 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to www.softologic.com (174.37.181.31:80)

TCP (HTTP SSL):

Connects to www.ibbalance.com (173.192.190.227:443)

TCP (HTTP):

Connects to stats-182385724-1591972470.us-east-1.elb.amazonaws.com (54.221.252.69:80)

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.