setup.exe

The application setup.exe has been detected as a potentially unwanted program by 31 anti-malware scanners. It is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The installer uses the Solimba download manager to push adware offers during the download and setup process. The bundled adware includes search and shopping toolbars for web browsers. The file has been seen being downloaded from flv.hs1dmr.com.
MD5:
e7f42461a6472967eb2dc054b18214b4

SHA-1:
b056b26be40148ca25508f167cd2d7ebd928eadf

SHA-256:
9a1ca87ea540769d4efb3b180a60d6501dbda66ad2f016b38d54257466bc9a60

Scanner detections:
31 / 68

Status:
Potentially unwanted

Explanation:
Uses the Solimba installer to bundle adware offers.

Analysis date:
4/26/2024 8:32:49 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Application.Bundler.Firseria.1 | 868
Agnitum Outpost | PUA.Downloader | 7.1.1
AhnLab V3 Security | PUP/Win32.Firseria | 14.09.19
Avira AntiVirus | APPL/Firseria.Gen | 7.11.149.206
avast! | Win32:Firseria-A [PUP] | 2014.9-140919
AVG | AdInstaller.Firseria | 2015.0.3346
Bitdefender | Gen:Application.Bundler.Firseria.1 | 1.0.20.1310
Clam AntiVirus | Win.Trojan.Firseria | 0.98/19168
Comodo Security | TrojWare.Win32.Trojan.Obfuscated.~EN | 18276
Dr.Web | Adware.Downware.1433 | 9.0.1.0262
ESET NOD32 | Win32/FirseriaInstaller (variant) | 8.9803
F-Prot | W32/Backdoor2.HTEZ | v6.4.7.1.166
F-Secure | Gen:Application.Bundler.Firseria | 11.2014-19-09_6
G Data | Gen:Application.Bundler.Firseria | 14.9.24
herdProtect (fuzzy) | | 2014.11.30.18
IKARUS anti.virus | not-a-virus:Downloader.Win32.Morstar | t3scan.1.6.1.0
K7 AntiVirus | Unwanted-Program | 13.177.12080
Kaspersky | not-a-virus:Downloader.Win32.Morstar | 14.0.0.3225
Malwarebytes | PUP.Optional.Firseria | v2014.09.19.09
McAfee | PUP-FFT!AA31FCF4B50D | 5600.7002
MicroWorld eScan | Gen:Application.Bundler.Firseria.1 | 15.0.0.786
NANO AntiVirus | Trojan.Win32.Morstar.cslwyy | 0.28.0.59826
Qihoo 360 Security | Malware.QVM18.Gen | 1.0.0.1015
Quick Heal | TrojanDownloader.Morstar.O3 | 9.14.14.00
Reason Heuristics | Threat.Win.Reputation.IMP | 14.9.19.21
Rising Antivirus | PE:PUF.FirseriaInstaller@CV!1.9C54 | 23.00.65.14917
Sophos | Solimba Installer | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10349
Vba32 AntiVirus | Downware.Morstar | 3.12.26.0
VIPRE Antivirus | Trojan.Win32.Generic | 29230
Zillya! Antivirus | Downloader.Morstar.Win32.1 | 2.0.0.1789

File size:
165.3 KB (169,272 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
10/14/2013 10:23:15 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:D4HCWau/PlYeuL7ZLFh6Ca6cbL9l2hzB3fJCC6j8+Er6ez4:8iI/PlY37ZLF4Ca6WABqBOvs

Entry address:
0x76117

Entry point:
60, E8, 00, 00, 00, 00, 58, 05, 5A, 0B, 00, 00, 8B, 30, 03, F0, 2B, C0, 8B, FE, 66, AD, C1, E0, 0C, 8B, C8, 50, AD, 2B, C8, 03, F1, 8B, C8, 57, 51, 49, 8A, 44, 39, 06, 88, 04, 31, 75, F6, 2B, C0, AC, 8B, C8, 80, E1, F0, 24, 0F, C1, E1, 0C, 8A, E8, AC, 0B, C8, 51, 02, CD, BD, 00, FD, FF, FF, D3, E5, 59, 58, 8B, DC, 8D, A4, 6C, 90, F1, FF, FF, 51, 2B, C9, 51, 51, 8B, CC, 51, 66, 8B, 17, C1, E2, 0C, 52, 57, 83, C1, 04, 51, 50, 83, C1, 04, 56, 51, E8, 5E, 00, 00, 00, 8B, E3, 5E, 5A, 2B, C0, 89, 04, 32, B4, 10...
 
Entropy:
7.8741

Packer / compiler:
ASPack v1.08.04

Code size:
101 KB (103,424 bytes)

The file setup.exe has been seen being distributed by the following URL.
