setup.exe

Giveaway of the Day

Softdeluxe

The application setup.exe by Softdeluxe has been detected as a potentially unwanted program by 2 of 68 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. The file is typically installed alongside a number of programs, including CDRWIN 9 by Engelmann Media GmbH and Startup Defender Uninstaller by ZardsSoftware. It has been seen being downloaded from d.webshieldonline.com and multiple other hosts. While running, it connects to the Internet address giveawayoftheday.com on port 80 using the HTTP protocol.
Publisher:
giveawayoftheday.com  (signed by Softdeluxe)

Product:
Giveaway of the Day

Version:
2.0.1.16

MD5:
293a6ec59c28eb50b1530348ec87c172

SHA-1:
a1eea29f613b4cd8d76e71f1ea4f92ef972b0590

SHA-256:
345c53d35b8d2eea006e6bade4092333d7dc4b9ef06a6eb95da23aa49ccefa4d

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 11:24:47 PM UTC

Scan engine:
Reason Heuristics
Detection:
PUP.Softdelu.Installer (M)
Engine version:
16.3.2.22

Scan engine:
Rising Antivirus
Detection:
PE:Malware.XPACK/RDM!5.1
Engine version:
23.00.65.131206

File size:
3.1 MB (3,294,328 bytes)

Product version:
2.0.1.0

Copyright:
Copyright (C) giveawayoftheday.com, 2006-2012

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\setup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/11/2011 7:00:00 PM

Valid to:
8/11/2013 6:59:59 PM

Subject:
CN=Softdeluxe, O=Softdeluxe, L=Dubna, S=Moscow region, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
03210A27BF81D359C5333208DDA8F10D

File PE Metadata
Compilation timestamp:
10/9/2012 12:14:09 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:mEzZ0QRrE2jtFA/Gb+craE6LzJsXL+I6Gr0SceVceVXx9Abe:H0krE2hFR7raEYWt0SceVRVXxd

Entry address:
0x671000

Entry point:
68, 00, 00, 00, 00, 68, 01, 00, 00, 00, 68, 00, 00, 40, 00, 68, 00, 00, A7, 00, E9, 00, 04, 00, 00, 04, 22, 00, 00, 00, 00, 00, 00, C6, 21, 00, 00, 00, 00, 00, 00, A2, 21, 00, 00, 00, 00, 00, 00, 48, 21, 00, 00, 5A, 21, 00, 00, 6E, 21, 00, 00, 00, 00, 00, 00, 88, 21, 00, 00, 00, 00, 00, 00, 26, 22, 00, 00, 00, 00, 00, 00, E2, 21, 00, 00, 00, 00, 00, 00, 64, 75, 6D, 6D, 79, 00, 64, 75, 6D, 6D, 79, 00, 64, 75, 6D, 6D, 79, 00, 64, 75, 6D, 6D, 79, 00, 64, 75, 6D, 6D, 79, 00, 64, 75, 6D, 6D, 79, 00, 00, 00, 00...

Entropy:
7.8851

Packer / compiler:
PKLITE32 v1.1

Code size:
1.2 MB (1,257,472 bytes)

The file setup.exe has been discovered within the following programs.

www.aidfile.com
About 4% of users remove it
AllMyNotes Organizer  by Vladonai Software
Publisher's description - “AllMyNotes Organizer is a personal information manager application for Windows. Organize all your Docs and Diary in free-form tree, within solid securely encrypted database! Store various data: notes, diaries, thoughts, ideas, letters, links, goals, events, famous quotes, etc...”
www.vladonai.com
About 6% of users remove it
BYclouder Data Recovery Pro  by BYclouder Corporation
Publisher's description - “This is a professional data recovery tool and cross-platform. The main function is recovering lost/deleted files from any storage device, including audio/video, documents and archives; these storage devices include: hard drive, CD-ROM, digital camera, memory card, etc.”
www.byclouder.com/products/recovery/data-recovery.html
About 4% of users remove it
CDRWIN 9  by Engelmann Media GmbH
CDRWIN is a CD/DVD burning software for Microsoft Windows developed by Golden Hawk Technology company. It bundles limited versions of other software packages, such as Nero Burning ROM and Roxio Easy CD Creator, with new computers and optical drives.
www.engelmann.com
About 1% of users remove it
FolderIco 1.0  by Teorex
Publisher's description - “FolderIco allows you to customize the icon of every Windows folder in one click. Don't you know how to change the standard yellow folder to a colourful and bright one? With FolderIco, give some color to Windows folders.”
www.folderico.com
About 9% of users remove it
Light Developer v7.1, build 12452  by Stepok Image Lab.
www.stepok.net
About 8% of users remove it
Publisher's description - “Storing all your data and your operating system (OS) on one partition is certainly not optimal for effective data organization and safety.”
www.paragon-software.com/home/pm-personal
About 5% of users remove it
Photoupz 1.63  by EvenPixel Ltd
www.photoupz.com
About 2% of users remove it
Startup Defender Uninstaller  by ZardsSoftware
Publisher's description - “Startup Defender is a small program that sits in your Windows tray and speeds up starting by constantly monitoring in real time the startup locations on your PC to help prevent programs from auto-starting behind your back.”
www.zardssoftware.com/startup/startup.html
57% remove it
 
Powered by Should I Remove It?

The file setup.exe has been seen being distributed by the following 3 URLs.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to giveawayoftheday.com  (204.155.149.200:80)

Remove setup.exe - Powered by Reason Core Security