Setup.exe

Zoobam

This is the Tightrope WebInstall, which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file Setup.exe by Zoobam has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the Tightrope WebInstall installer. This downloadable file is typically blocked through Google's Safe Browsing technology in the Chrome web browser.
Publisher:
Zoobam  (signed and verified)

MD5:
3bfe45b73064e54bc73233c26f0f3e53

SHA-1:
b74257ead1eef772f437acb26d65ecd2a4d0064d

SHA-256:
2f1a1b504b01a54db7b58fce21054d2831cd410b785ac48a9dde9400e2566b9d

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/18/2024 10:11:35 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.206.52 |
| avast! | Win32:Adware-CIX [PUP] | 150319-0 |
| AVG | Generic | 2016.0.3159 |
| Comodo Security | ApplicUnwnt | 20675 |
| Dr.Web | Trojan.Vittalia.36 | 9.0.1.05190 |
| ESET NOD32 | Win32/DownloadAdmin.J potentially unwanted application | 9.7.0.302.0 |
| G Data | Win32.Application.DownloadAdmin | 15.3.24 |
| IKARUS anti.virus | PUA.DownloadAdmin | t3scan.1.8.6.0 |
| K7 AntiVirus | Unwanted-Program | 13.202.15389 |
| McAfee | Artemis!B9F049D7247C | 5600.6815 |
| Reason Heuristics | PUP.Bundler.Tightrope | 15.3.26.10 |
| Total Defense | Win32/Tnega.FLbeQTC | 37.0.11412 |
| Trend Micro House Call | Suspicious_GEN.F47V0106 | 7.2.85 |
| VIPRE Antivirus | Threat.4783369 | 36666 |

File size:
834.1 KB (854,096 bytes)

Bundler/Installer:
Tightrope WebInstall (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
10/15/2014 9:27:59 PM

Valid to:
10/15/2017 9:27:59 PM

Subject:
CN=Zoobam, O=Zoobam, L=Kirkland, S=Washington, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4EA9D31E75E043

File PE Metadata
Compilation timestamp:
12/7/2014 10:56:37 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:G9jnxpJA9Kua6nPQSQsTnmc0Q9FxDNiZzSfOr0+z3962z7NbkGfxRee:ijxpW93nn0InTJDN2efOr0+kaVxR

Entry address:
0x3522

Entry point:
81, EC, 78, 01, 00, 00, 53, 55, 56, 33, DB, C6, 44, 24, 0C, 20, 57, 8B, EB, BF, A0, 83, 40, 00, 8B, F3, E8, FC, 3C, 00, 00, FF, 15, 08, 87, 40, 00, 68, 01, 80, 00, 00, FF, 15, AC, 80, 40, 00, 53, FF, 15, 0C, 87, 40, 00, 6A, 08, A3, C4, 4C, 42, 00, E8, 26, 2A, 00, 00, 53, 68, 60, 01, 00, 00, A3, 50, 44, 42, 00, 8D, 44, 24, 30, 50, 53, 68, E3, 83, 40, 00, FF, 15, 50, 81, 40, 00, 68, E4, 83, 40, 00, 68, 60, 44, 42, 00, E8, 40, 2C, 00, 00, FF, 15, A8, 80, 40, 00, 50, 68, 00, A0, 42, 00, E8, 2F, 2C, 00, 00, 53...
 

Entropy:
7.4949

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)
