home

Setup.exe

Finally Fast

Ascentive LLC

The file Setup.exe by Ascentive has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This downloadble file is typically blocked through Google's Safe Browsing technology in Chrome web browser. The file has been seen being downloaded from www.ascentive.com and multiple other hosts.
Publisher:
Ascentive LLC  (signed and verified)

Product:
Finally Fast

Version:
8.3.5.0

MD5:
c48334eea017907e924892e4d1214b1a

SHA-1:
a3edb6756c105049cc7a7d496dcf3b02e1ca314e

SHA-256:
f69cf360bd415c080d3ff94e7a039fe648420acc762ac74e8b6c42b8f7921d70

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 11:08:46 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Optional.Ascentive.CC
14.10.24.11

Trend Micro House Call
Suspici.5B79AC6E
7.2.297

File size:
5.2 MB (5,446,040 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
Ascentive LLC

Authority:
COMODO CA Limited

Valid from:
11/26/2013 7:00:00 PM

Valid to:
11/27/2014 6:59:59 PM

Subject:
CN=Ascentive LLC, O=Ascentive LLC, STREET=201 Spring Garden St, STREET=Suite 400, L=Philadelphia, S=PA, PostalCode=19123, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
387389B99D075D7F1C97769EC0402BF0

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:Mt7fbMkVLxTg1F9GZScMJ5Ak5w58Mq9/lxwGZpf0KxK1dw5:efbM6g12ScaJMqJ/f08WdU

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.9983

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file Setup.exe has been seen being distributed by the following 6 URLs.

http://www.ascentive.com/run/download?service=SpeedScan&debug=0&loadlink=http://www.ascentive.com/run/click/@3039096069997/products/.../select_finallyfast_download_op1.html?theme=select_finallyfast_partner_download&plan1id=&orderpackage1id=FFST1YR29&plan1c=&upsell_code=ff2&popuppage=&display=&referredby=@3039096069997&c1=103641&loadlink=

http://www.ascentive.com/run/download?service=SpeedScan&debug=0&loadlink=http://www.ascentive.com/run/click/@3016372586099/products/.../select_finallyfast_download_op1.html?theme=select_finallyfast_partner_download&plan1id=&orderpackage1id=FFST1YR29&plan1c=&upsell_code=ff2&popuppage=&display=&referredby=@3016372586099&c1=104811&loadlink=

http://www.ascentive.com/run/download?service=SpeedScan&debug=0&loadlink=http://www.ascentive.com/run/click/@3038131999933/products/.../select_finallyfast_download_op1.html?theme=select_finallyfast_partner_download&plan1id=&orderpackage1id=FFST1YR29&plan1c=&upsell_code=ff2&popuppage=&display=&referredby=@3038131999933&c1=103641&loadlink=

http://www.ascentive.com/run/download?service=SpeedScan&debug=0&loadlink=http://www.ascentive.com/run/click/@3040350392373/products/.../select_finallyfast_download_op1.html?theme=select_finallyfast_partner_download&plan1id=&orderpackage1id=FFST1YR29&plan1c=&upsell_code=ff2&popuppage=&display=&referredby=@3040350392373&c1=103641&loadlink=

http://www.ascentive.com/run/download?service=SpeedScan&debug=0&loadlink=http://www.ascentive.com/run/click/@3027278043307/products/.../select_finallyfast_download_op1.html?theme=select_finallyfast_partner_download&plan1id=&orderpackage1id=FFST1YR29&plan1c=&upsell_code=ff2&popuppage=&display=&referredby=@3027278043307&c1=103641&loadlink=

http://www.ascentive.com/run/download?service=SpeedScan&debug=0&loadlink=http://www.ascentive.com/run/click/@3026596847970/products/.../select_finallyfast_download_op1.html?theme=select_finallyfast_partner_download&plan1id=&orderpackage1id=FFST1YR29&plan1c=&upsell_code=ff2&popuppage=&display=&referredby=@3026596847970&c1=103641&loadlink=

Remove Setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.