home

setup.exe

Build Input

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application setup.exe, “Premium Installer ” by Build Input has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:
Premium Installer   (signed by Build Input)

Product:
Premium Installer

Description:
Premium Installer

Version:
2.4.8.1

MD5:
fbee2a30e5f46314df18e17e95c9d0cc

SHA-1:
af716042e91741e29f9237ce9ad793d3e5ab6a5b

SHA-256:
13763efc15bd87ffb9f11e886239bc9394ba644833fd7c8d5e6dba63af5d4077

Scanner detections:
23 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/24/2024 11:38:38 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Strictor.61512
889

Agnitum Outpost
PUA.iBryte
7.1.1

AhnLab V3 Security
PUP/Win32.IBryte
2014.08.26

Avira AntiVirus
ADWARE/Adware.Gen7
7.11.169.68

avast!
Win32:IBryte-EQ [PUP]
2014.9-140829

AVG
Adware AdPlugin.ABE
2014.0.4015

Baidu Antivirus
Adware.Win32.iBryte
4.0.3.14829

Bitdefender
Gen:Variant.Adware.Strictor.61512
1.0.20.1205

Comodo Security
Application.Win32.AgentCV.HWYE
19313

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.15
9.0.0.4324

ESET NOD32
Win32/AdWare.iBryte.AX application
8.7.0.302.0

F-Secure
Gen:Variant.Adware.Strictor.61512
11.2014-29-08_6

G Data
Gen:Variant.Adware.Strictor.61512
14.8.24

Kaspersky
not-a-virus:AdWare.Win32.iBryte
14.0.0.3331

Malwarebytes
PUP.Optional.OptimunInstaller
v2014.08.29.06

McAfee
IBryte
5600.7023

MicroWorld eScan
Gen:Variant.Adware.Strictor.61512
15.0.0.723

NANO AntiVirus
Trojan.Win32.Badur.dedhhz
0.28.2.61861

Panda Antivirus
Trj/Genetic.gen
14.08.29.06

Reason Heuristics
PUP.Installer.BuildInput.F
14.8.29.18

Sophos
iBryte Premium Installer
4.98

VIPRE Antivirus
Threat.4778314
32210

Zillya! Antivirus
Adware.iBryte.Win32.1558
2.0.0.1903

File size:
122.9 KB (125,816 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) Premium Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
Build Input

Authority:
COMODO CA Limited

Valid from:
3/23/2014 8:00:00 PM

Valid to:
3/24/2015 7:59:59 PM

Subject:
CN=Build Input, O=Build Input, STREET="4600 Madison Ave, 10th FL", L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0093C151407610A7B56F799C03CB8D955D

File PE Metadata
Compilation timestamp:
8/26/2014 5:15:24 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:OMxPWm0PwinOdpPkMKee/ipWVUe5XXJ1qDrIPSkTCmXqqe2ZkLat:lxWm0P7nOdmMXrIakTCmjZH

Entry address:
0x62F5

Entry point:
E8, 3E, 05, 00, 00, E9, 36, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, F8, B1, 40, 00, 89, 0D, F4, B1, 40, 00, 89, 15, F0, B1, 40, 00, 89, 1D, EC, B1, 40, 00, 89, 35, E8, B1, 40, 00, 89, 3D, E4, B1, 40, 00, 66, 8C, 15, 10, B2, 40, 00, 66, 8C, 0D, 04, B2, 40, 00, 66, 8C, 1D, E0, B1, 40, 00, 66, 8C, 05, DC, B1, 40, 00, 66, 8C, 25, D8, B1, 40, 00, 66, 8C, 2D, D4, B1, 40, 00, 9C, 8F, 05, 08, B2, 40, 00, 8B, 45, 00, A3, FC, B1, 40, 00, 8B, 45, 04, A3, 00, B2, 40, 00, 8D, 45, 08, A3, 0C, B2, 40...
 
[+]

Entropy:
5.9783

Code size:
25 KB (25,600 bytes)

Remove setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.