» setup.exe
Overview
Analysis
File Details

setup.exe

Epub reader

Greatelsoft Trading Ltd

The application setup.exe, “Epub reader Setup ” by Greatelsoft Trading has been detected as adware by 31 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore monetization download manager to download additional third party applications that may be unwanted by the user.

File name:

setup.exe

Publisher:

Conversionads, Inc. (signed by Greatelsoft Trading Ltd)

Product:

Epub reader

Description:

Epub reader Setup

Version:

1.2.0.1

MD5:

6f7722dfa8d9e84f8171c98914813bdf

SHA-1:

a7b247af4641d65a5b0efa4241efc633e5e47235

SHA-256:

588e05b97262b8f3aac6554b897519cfccad0cf7f951a57d5ad0c3ea8ca77289

Scanner detections:

31 / 68

Status:

Adware

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:

4/25/2024 3:03:10 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Linkury.B

469

Agnitum Outpost

PUA.Toolbar.Babylon

7.1.1

avast!

Win32:Adware-gen [Adw]

2014.9-151024

AVG

Agent.F

2016.0.2947

Comodo Security

ApplicUnwnt

23416

Dr.Web

Trojan.DownLoader9.50761

9.0.1.0297

ESET NOD32

Win32/Toolbar.Zugo.C potentially unwanted

9.12409

Fortinet FortiGate

W32/OutBrowse.C

10/24/2015

G Data

Win32.Application.Linkury

15.10.25

Kaspersky

not-a-virus:AdWare.Win32.Lyckriks

14.0.0.1230

McAfee

Artemis!6F7722DFA8D9

5600.6603

MicroWorld eScan

Adware.Linkury.B

16.0.0.891

NANO AntiVirus

Riskware.Win32.Linkury.dwtdya

0.30.26.3947

Qihoo 360 Security

Win32/Trojan.fd6

1.0.0.1015

Quick Heal

Adware.Addlyrics.A5

10.15.14.00

Reason Heuristics

PUP.GreatelsoftTrading.Installer (M)

15.10.24.0

Sophos

Install Core Click run software (PUA)

4.98

Vba32 AntiVirus

AdWare.Lyckriks

3.12.26.4

VIPRE Antivirus

Adware.Trojan.Win32.Generic

44532

File size:

14.9 MB (15,579,168 bytes)

Product version:

1.2

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Common path:

C:\users\{user}\downloads\2014\ereader\setup.exe

Digital Signature

Signed by:

Greatelsoft Trading Ltd

Authority:

COMODO CA Limited

Valid from:

7/2/2013 2:00:00 AM

Valid to:

7/3/2014 1:59:59 AM

Subject:

CN=Greatelsoft Trading Ltd, O=Greatelsoft Trading Ltd, STREET="Kyriakou Matsi, 3, Roussos Limassol Tower, 6th floor, flat/office 6A, 3040", L=Limassol, S=Limassol, PostalCode=3040, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00EFAAE98A631C872ADDE1E300FDF065A2

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

393216:sSAxLV4A4UoSvMCZfllFNni1l55iw+9cpok4Mlf+uVdvJ:VAMX4vMcf3F9inGwVCk4yfrVtJ

Entry address:

0x9C18

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, AE, 94, FF, FF, E8, B5, A6, FF, FF, E8, 44, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, D4, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 9D, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 5A, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.