» setup.exe
Overview
Analysis
File Details
Downloads (1)

setup.exe

File

DaiLy apps FOrfor

The application setup.exe by DaiLy apps FOrfor has been detected as adware by 15 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from get.down1209group.info.

File name:

setup.exe

Publisher:

DaiLy apps FOrfor (signed and verified)

Product:

File

Version:

1.9.3.0

MD5:

78c50ec2f57cae456d3c70917774ba59

SHA-1:

a9576bac46e11c9a90d9a1f79dbc000b2a0621cf

SHA-256:

5a26bba16f0e98dd0a4b88d4223fa945c0a2eb2de6fba75c99ba8e13f0d67d96

Scanner detections:

15 / 68

Status:

Adware

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:

8/2/2025 6:11:13 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

PUP/Win32.OutBrowse

2015.04.07

avast!

Malware-gen

150319-1

AVG

Downloader

2016.0.3147

Dr.Web

Trojan.OutBrowse.284

9.0.1.096

ESET NOD32

Win32/OutBrowse.BU potentially unwanted application

7.0.302.0

Fortinet FortiGate

Riskware/OutBrowse

4/6/2015

Malwarebytes

PUP.Optional.Outbrowse.Gen

v2015.04.06.03

McAfee

Artemis!C4F3D4D02FE1

5600.6803

NANO AntiVirus

Trojan.Win32.OutBrowse.dpuxby

0.30.8.659

Qihoo 360 Security

HEUR/QVM30.1.Malware.Gen

1.0.0.1015

Quick Heal

Adware.NSIS.OutBrowse.A

4.15.14.00

Reason Heuristics

PUP.Installer.DaiLyappsFOrfor

15.4.6.11

Sophos

Generic PUA FK

4.98

Trend Micro House Call

Suspici.2955E6B8

7.2.96

VIPRE Antivirus

Threat.4150696

38882

File size:

1 MB (1,099,560 bytes)

Product version:

1.9.3.0

File

Original file name:

Ionic.Zip-2015Apr06-060918-5ce9f15a-f5b2-492a-9cc1-ce7de004ef85.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Digital Signature

Signed by:

DaiLy apps FOrfor

Authority:

thawte, Inc.

Valid from:

4/1/2015 8:00:00 PM

Valid to:

1/27/2016 6:59:59 PM

Subject:

CN=DaiLy apps FOrfor, O=DaiLy apps FOrfor, L=Dublin, S=Dublin, C=IE

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

1EC489BBF9D9DC8133CA3B948FCF87F4

File PE Metadata

Compilation timestamp:

4/6/2015 2:09:18 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

12288:7Miy4IadS4ms5I6e66fEheKh8s3l6QpX0XuDDbDqsTcXgOl85RdLeMURiqzmAH:7bSaE4mvt/Zq1pE+DDbDxcXgC8JuH

Entry address:

0x75F3E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.5471

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

464 KB (475,136 bytes)

The file setup.exe has been seen being distributed by the following URL.

http://get.down1209group.info/.../1428300555/1428300555?53454726164YmJwMSw4bjc2LSwtI2A4LS4wMDYgaDgvNSwzH2w3LyBgLDouLC4uMiBiZmVeaGVfOSs0MjUvMjA0MzQiYmFpbTcuIXdlazkrJF1rN2NgcTAy

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.