» setup.exe
Overview
Analysis
File Details
Downloads (1)

setup.exe

Long Mile Solutions, LLC

The software will display additional offers (such as adware) during installation including a browser toolbar/extension as well as advertising injection software (part of the Injekt brand). The application setup.exe by Long Mile Solutions has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from dl.recordcheckerapp.com.

File name:

setup.exe

Publisher:

Long Mile Solutions, LLC (signed and verified)

MD5:

1084a1797118dbf59a15c8938597af65

SHA-1:

a54598265b8c1c05792e0f2acc9db2077bd2e888

SHA-256:

583f1bffb7edac6d39088a4e695e5a11add0661f55464f1e22fee61b2c328e4f

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:

4/18/2024 7:36:22 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Injekt.LongMileSolutions.Installer (M)

16.1.5.11

File size:

3.3 MB (3,456,312 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\setup.exe

Digital Signature

Signed by:

Long Mile Solutions, LLC

Authority:

COMODO CA Limited

Valid from:

4/25/2013 7:00:00 PM

Valid to:

4/26/2014 6:59:59 PM

Subject:

CN="Long Mile Solutions, LLC", O="Long Mile Solutions, LLC", STREET=640 GRAND AVE STE E, L=CARLSBAD, S=CA, PostalCode=92008, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

53B89B8046F82D87A2C562F3D007CB45

File PE Metadata

Compilation timestamp:

6/6/2009 4:41:59 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

98304:2HXd2IQyl8znZtOHmC5tXdllrEiqH64BUshkwpeA/O:AbQPbv4HrlrE769sy8

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9896

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file setup.exe has been seen being distributed by the following URL.

http://dl.recordcheckerapp.com/RecordChecker/16602/.../Setup.exe

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.