Setup.exe

File

DaiLy AppS fOrfOr

The file Setup.exe by DaiLy AppS fOrfOr has been detected as adware by 9 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, and PC utilities, as well as other PUPs. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser.
Publisher:
DaiLy AppS fOrfOr  (signed and verified)

Product:
File

Version:
1.9.3.0

MD5:
3e6cd5e95f2ad13753a5ef002dac77f6

SHA-1:
b34ce4ff1017a86e2dd63bb2c40bfd6ed5d1a873

SHA-256:
265b8ac8b3cd71f89f33d15b9b16349608a28ace51c5d4456e75603bb8178107

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
5/14/2024 10:08:47 PM UTC

Scan engine         Detection                                            Engine version
AhnLab V3 Security  PUP/Win32.OutBrowse                                  2015.03.31
Avira AntiVirus     PUA/Outbrowse.Gen                                    3.6.1.96
Dr.Web              infected with Trojan.OutBrowse.190                   9.0.1.05190
ESET NOD32          Win32/OutBrowse.BU potentially unwanted application  7.0.302.0
G Data              NSIS.Application.OutBrowse.AC                        15.3.25
Malwarebytes        PUP.Optional.OutBrowse                               v2015.03.31.07
McAfee              Adware-OutBrowse.e                                   5600.6810
Quick Heal          Adware.NSIS.OutBrowse.A                              3.15.14.00
Reason Heuristics   PUP.DaiLyAppSfOrfOr                                  15.3.31.7

File size:
1.1 MB (1,141,240 bytes)

Product version:
1.9.3.0

Copyright:
File

Original file name:
Ionic.Zip-2015Mar26-020243-e431d435-7830-490f-af4a-0bb685f937da.exe

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
3/23/2015 11:00:00 AM

Valid to:
1/28/2016 10:59:59 AM

Subject:
CN=DaiLy AppS fOrfOr, O=DaiLy AppS fOrfOr, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
07287FBE69E60C7CEE7918973B8AD4E4

File PE Metadata
Compilation timestamp:
3/26/2015 1:02:43 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:+Miy4IadS4ms5I6e66fEheKhpsvxZusWqNi/JLWHGtnX0bhPuczKDYrT89G2wAg4:+bSaE4mvt/sI41cceNuczKsrWG2MpNbI

Entry address:
0x75F3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
Entropy:
7.5712

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
464 KB (475,136 bytes)
