» Setup.exe
Overview
Analysis
File Details

Setup.exe

LLC INTERMEDSERVIS

This is a component of the Bundlore download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file Setup.exe by LLC INTERMEDSERVIS has been detected as adware by 23 anti-malware scanners. This downloadble file is typically blocked through Google's Safe Browsing technology in Chrome web browser.

File name:

Setup.exe

Publisher:

LLC INTERMEDSERVIS (signed and verified)

MD5:

a099b3141b4e7022f53017938e593167

SHA-1:

c2613803c39801581a702164789b087fb974795b

SHA-256:

387274d81c8fc8dd1fc7a7e69caa7f659348aee9d17a57ea3f4c0b257d672f32

Scanner detections:

23 / 68

Status:

Adware

Analysis date:

5/2/2024 6:53:35 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Graftor.181023

5624930

Agnitum Outpost

Riskware.Agent

7.1.1

AhnLab V3 Security

PUP/Win32.Bundlore

2015.04.15

Avira AntiVirus

PUA/Bundlore.Gen

3.6.1.96

avast!

Win32:Rootkit-gen [Rtk]

150414-0

AVG

Adware BundleApp.JR

2014.0.4311

Bitdefender

Gen:Variant.Graftor.181023

1.0.20.525

Bkav FE

W32.HfsAdware

1.3.0.6379

Comodo Security

Application.Win32.Bundlore.SDA

21770

Emsisoft Anti-Malware

Gen:Variant.Graftor.181023

9.0.0.4799

ESET NOD32

Win32/Bundlore.S potentially unwanted application

7.0.302.0

F-Prot

W32/S-85cc3c59

v6.4.7.1.166

F-Secure

Gen:Variant.Graftor.181023

5.13.68

G Data

Gen:Variant.Graftor.181023

15.4.25

herdProtect (fuzzy)

variant of unconfirmed 655119.crdownload (Adware)

2015.7.16.19

IKARUS anti.virus

PUA.Bundlore

t3scan.1.8.9.0

Malwarebytes

PUP.Optional.Bundlore.C

v2015.04.15.04

MicroWorld eScan

Gen:Variant.Graftor.181023

16.0.0.315

NANO AntiVirus

Riskware.Win32.Downware.dpnfqi

0.30.16.1110

Panda Antivirus

Trj/Genetic.gen

15.04.15.04

Reason Heuristics

Threat.Bundlore.INTERMEDSERVIS

15.4.14.20

VIPRE Antivirus

Threat.4150696

38882

Zillya! Antivirus

Backdoor.PePatch.Win32.69391

2.0.0.2139

File size:

285 KB (291,840 bytes)

Common path:

C:\users\{user}\downloads\setup.exe

Digital Signature

Signed by:

LLC INTERMEDSERVIS

Authority:

COMODO CA Limited

Valid from:

2/27/2015 6:00:00 PM

Valid to:

2/28/2016 5:59:59 PM

Subject:

CN=LLC INTERMEDSERVIS, O=LLC INTERMEDSERVIS, STREET="Street Ivana Franka, 15", L=Kyyiv, S=Kyyiv, PostalCode=01030, C=UA

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

34F89D4D0D2072DB6D783FD3F19FCFCD

File PE Metadata

Compilation timestamp:

3/8/2015 11:10:40 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

6144:8oBPZcYGEOUvofMbnbNfdSqapyfxiwH5NB:82Zc9EOxfqbNM4fxiwH5D

Entry address:

0x30CA

Entry point:

E8, 8D, 48, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 48, AD, 41, 00, E8, F0, 2D, 00, 00, E8, 5E, 4A, 00, 00, 0F, B7, F0, 6A, 02, E8, 20, 48, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, DF, 3F, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

6.9960

Code size:

77.5 KB (79,360 bytes)

Remove Setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.