home

Setup.exe

Soft Program installer

OOO ADVERT MOBAIL

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The file Setup.exe, “Soft Program installer Setup ” by OOO ADVERT MOBAIL has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. This downloadble file is typically blocked through Google's Safe Browsing technology in Chrome web browser.
Publisher:
Internet   (signed by OOO ADVERT MOBAIL)

Product:
Soft Program installer

Description:
Soft Program installer Setup

MD5:
c515083103dad9d740075e650b1a9035

SHA-1:
ac36149abe0f9185aab91b42246716f4df90dc60

SHA-256:
039d56febe69cc78d951b3d1d43a5d50cf262aca497899ea9118b5139e2ae7f9

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/10/2025 4:50:32 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Malware-gen
150525-2

AVG
Generic
2016.0.3093

Bkav FE
W32.HfsAdware
1.3.0.6379

Comodo Security
Application.Win32.InstallCore.DAH
22280

Dr.Web
Trojan.InstallCore.495
9.0.1.05190

ESET NOD32
Win32/InstallCore.ZC potentially unwanted application
7.0.302.0

K7 AntiVirus
Trojan
13.204.16086

Malwarebytes
PUP.Optional.InstallCore.C
v2015.05.30.02

Reason Heuristics
PUP.installCore.Installer
15.5.30.9

Total Defense
Win32/Tnega.aLKQVQB
37.1.62.1

VIPRE Antivirus
Threat.4150696
40552

File size:
804.5 KB (823,760 bytes)

Product version:
1.8.5

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
OOO ADVERT MOBAIL

Authority:
COMODO CA Limited

Valid from:
3/17/2015 7:00:00 PM

Valid to:
3/17/2016 6:59:59 PM

Subject:
CN=OOO ADVERT MOBAIL, O=OOO ADVERT MOBAIL, STREET="Staropetrovski proezd , d. 11 k. 1", L=Moscow, S=Moscow, PostalCode=125130, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
43AB463A1C4E690E423B15E15697B584

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:NsNY48Qvy5Y/4QiMSBFU5xXBvRx80biaOUEOriF:NGY4Xv1gHMSBG5Xvb+t/OriF

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.8178

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

Remove Setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.