» setup.exe
Overview
Analysis
File Details
Downloads (56)

setup.exe

Tolaracol

Quality Install (Alpha Criteria Ltd.)

The application setup.exe, “Tolaracol Setup ” by Quality Install (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.citycenterstock.com and multiple other hosts.

File name:

setup.exe

Publisher:

Gesuk (signed by Quality Install (Alpha Criteria Ltd.))

Product:

Tolaracol

Description:

Tolaracol Setup

MD5:

c74e946c1d3ee374702b16ec4ee1dd7d

SHA-1:

d080b21f77af44d58d5297914f1fe569460dae1b

SHA-256:

288926fdb454d8babb2cc0936b92da95f0c202ba2721db6d079e208ff697b146

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

5/28/2024 3:02:14 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.AC.Installer (M)

16.6.27.15

File size:

941.2 KB (963,808 bytes)

Product version:

5.7

Stub

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\programs\setup.exe

Digital Signature

Signed by:

Quality Install (Alpha Criteria Ltd.)

Authority:

GlobalSign nv-sa

Valid from:

1/6/2016 8:14:15 PM

Valid to:

8/4/2016 9:59:05 PM

Subject:

CN=Quality Install (Alpha Criteria Ltd.), O=Quality Install (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121BA484E4C31175E4A844ED055428DEC42

File PE Metadata

Compilation timestamp:

6/20/1992 5:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:b77lXzrOd0KGPeI5MHCHtwysk7A9AIZpulmYmdP1c33SjeP3:b7ZDyqPTKCtZs0A9Al6dP1mSi/

Entry address:

0xAA98

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55... 
[+]

Entropy:

7.9335

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

40.5 KB (41,472 bytes)

The file setup.exe has been seen being distributed by the following 50 URLs.

http://www.citycenterstock.com/c?x=Jnt7TlkrdQ3NGwxJgjGs65PD eKg4WdyVDW5XNfHscU=&c=UljaOkDwKVRsdAul2 EdmkqqqhX7obfUICp7AdGcIuNpfwtrKdNCNzhdwrDxmvyYzz6X/Kf/E6OAlAPbwueenZQ TvPpwgIQWKmQX88YZWlfeJIr4xx84N6ZRt G87hI&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://www.bytevaultclear.com/c?x=h0zhvLGu/Nbo TROk6OsfC88GEdS24ooyngaZ5KHIh8=&c=SM4uzLqsYKd/EkqfxkHVkdAOKhVFv7OHVr8ups/7vmiYnIxEW3hlanx41BqnpSxl9W0hn4Qy3hSfHbhLiXaxZ k 3VJKuSD32cR/9n9OID9xVpT7 tAoj4GmgQ0TFLB8&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://www.appdeliverycycle.com/c?x=i5I4E cGNMcQlP5SjshP1WbXAlHmvO8y57hgDBayjp0=&c=UV9j8nL/mkK57q 18 g/hMCrsPFCBCJYTTMciwRJl9NhWIwDycBJiwAfP6P76TJjS4d2vpGaMfnCW8HvDamrfGnfeYtFuQij4Bbiip52qPCKgpFr9EMJaEz4Av8J1geO&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://iknow.blob.core.windows.net/.../Setup.exe

http://ttb.lpmxp1068.com/download/request/.../SuxgELn6?__tc=1409341462.303&lpsl=0792b50072e2ec028ecb5220db7b6e78&expire=1409427543&source=1&tgu_src_lp_domain=www.requiredinstall.com&fileName=Setup

http://www.appsendtours.com/c?x=5OFetmaHmoAWdKb4z8eBv/foQ1axH1dytePpuuSxDsE=&c=F8RzS9hsjYyFGduNbh5nLcyagVMgjXsa/6ztHt3Q/8gQFeP/v/JLryXwxAuWqGqhf4Ndy2y3D6WXEF03vobDiU/ae2rxcJln5T2hI3UwO8bY0goLzNEMoMN6oEOyQDbp&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://www.downloadsafecenter.com/c?x=eX2 N/dJz6fneFI AqGBb/x6Pun/oFWvkb/YsZkkjNU=&c=m6rHO0gr0Sn0pNVH niIAkCNvE0wQadQoA9Y0FzD6MZB2hAkjvWgnmMZssPcHHkCBd8fN0y Lin9PxDW6LX77JU9rBOQdOm6izE5AlTdKw AIC7NXKWnalhkQLhb2dKB&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://www.centralvaulttours.com/c?x=QEEIlq81Zs5Fs03mBtN7cdKMczJVgydhtMvfGl1NH28=&c=mxmvHx3/ufhnxkn9SvmeK Gsc9ogp/NJObTdLPxWHFE/SF05jcFbJmMihD6WGo/z4ynL3aoEgAX4BtnjkC8c0lRM3oFYeXJhSlYqtNyoeuKshwQ3vJXVT25LQ FWb21k&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://www.packageupdatehead.com/c?x=Rc1gLxdoRVtHxxeZH4PVgVDxbUjin38FwfBbi23B23E=&c=qvvn1FVpYDu/gMrowfe Av8TIXH6Yrc2xUq3SppXctZl Gi5wJu9rLY6LoVSvq5ha5sNZh1GD4/RyeNOKimsfnXwzoo4ctnuJLtglMk6i3dAySwO5uDCCSJ68qmJq8IN&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://www.citycenterstock.com/c?x=3OeP5qxMDADznKztVkqNXpXZdykmlL9SKROqVgLBDG8=&c=kq0UPXNMpjkBdBin15t2RFdx4MVbuQfP0VT33/LWQb/fQYfNe/2UmKgTHFp41FJgN6W k4qPflKdAWlYrcjDwPEjvwmHbQWAo2/zex858tLomSQc8EAIfcVMCr/zKr5x&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://www.flvplayerapp.com/default/ga/.../?dl=1

http://www.signschucklepresent.com/c?x=NKrWfgkRYDMgxGntRIjxnzAvs9bMeiz4Hph 9 RnKWc=&c=oa6krCt1woKfRw11NuXkvWXuJt8YAjeW42ToUszrZzcsbeGoOqtE33BhmmimHIdoJU9c9r5mNYwg2XFlZ6cT5BH/qnuN24ksT1CoyMWVjnQeBZGa/GIObUVuXo1CIc6X&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://www.appdeliverycycle.com/c?x=Wi7n/2YWIflcfZCJkybbDKar5brk7pouxVuohdySzBo=&c=SHPEfDLuNa1DZI6hGwHqBtDjbwNS8Kro61KsVCICftUVkFPrjzskyOkQ8bmuVsB E IzHPfsehCBE0kb/J4xWEFqdzXV1/0DssSij zaTwHWMyiFM8e0V4iUhCZ /UCy&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://www.bodyfarmclear.com/c?x=YNspOD8WReYe7H/Wkg2gD xZZ7Gmz6F/NNqGYzUQYLc=&c=9cbL8t/c YARtN01YFzicpSScDGuQtOuAoXkUYJ1JP6pQsRRdr CsqAYY7WQS7jOFBZFooEO0QnuMYl82FOa1grvhFlQz0CSdVysRBSPT71j4x2uoL06buPDB3y5HZTI&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://www.bundlesbodyvaults.com/c?x=2SPXoJwzFbQM ioiVBkxiG3Xby7TWMvMnenbRgn NZA=&c=AlaMBryC7A7SZ87EhajAGqMkSVzS/YERMsXzO1WScZtDFis3SvIgugBvBT1J baJo0/niowYoqMokzzvn9Y5nP/3O9y2n2vUrGBLCCy92QoALoaKmcfkdp5pvCl7G9UB&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://www.worldcentergrab.com/c?x=J5J2EUjQaXaTGTm4HDO3o5t54tleh90rzkyz8HP7Wh8=&c=lsCA966pXb/ilNaWa2vvZbSPh5Z3fis37eLUC/OxwaitRgwQc9b42OTvy4EpT6QxD20FhhtS DIfBpgBLwHYcHhBbC3EcAc78iin3fYAo9VyVGfIKHOliaZb3kWcdNPl&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://www.universeranchbinaries.com/c?x=OrzEf3Z HGvUGk3Z4cRKgpLE4KR8MDKP0E0o0oR/SRc=&c=oWvAJavFnSuKTykjQh9rdysrBwFqocK0Rr6UTKMbv6hxT7gYW xNyt6m hu156WmShywmdXksn blySQYvrXeE9Bmj035phJKkbW0lTMmHSmzjakEiN4jI3Ho8yZTpr/&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://www.bundlestoursafe.com/c?x=Q13evSd5Ees8/49xy4QXk/c8l7Or8p5npbeeZe8RuQ0=&c=a1QHsBF U5dkGvLy2j71FMCJ/mPiv2ZCQrFkOtokeH35uRzXTyOMpHhywDTRho ykPdKehzm6Fn5DIuECsIVW0aNJvGw8O5H1mhp6k8 YzUMcWv6qm8O/qqEp9vqowXE&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://www.sendconecpttour.com/c?x=18zD9MjfmJoL6BiRWerKIopPjHYyKoKZ6eT/uFltTjc=&c= 4cdFhe8GkcS35hzewql25ry9PWiKgp9crpXkPl Io2VJquPi2xqWjUy6yeS84kSMXWhO9OJU5Wj1RlslL37gJX53hXRt8 Tjpu6wlOINyKLFjToFt3/c/aHWzMRCOZd&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://www.appssignbundle.com/c?x=uzrySgX3V7XZsLYCFJu/T yIhfYLW HnrLaFKIXJysY=&c=irsaTrMRRud0s942CEH5YqF031u8tD8vo5o6SFv9CVtQufczLxpS8gQyxxEotRJoRvlsRQ5uUV0NIpi6CgTn3l C6RTx/vT99RicUBh0Li6JgUIsoCb4meLhIewcDzME&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://www.centralvaulttours.com/c?x=auzmLf/Gg 2Fc8ALmkymlrrXVsEimiYFHF/uX/QTWRM=&c=A55dlPMcMM32h5pcs3Ev5Xd3klS6sf6biiHVzYul1kfDEslKOUDEk93qyGMrdnGFu9xrru3bW05ceiYf6uopmFG8rzjjNmxhH2Jg01fkEDovfMnGrfY14/EJCwdXbm0T&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://www.sendstockcentral.com/c?x=VeVtU/nM BvYBgpx6f3pE0ixolm Bw5W4nU9N5SBh8g=&c=cC66UmDb7NTfeaaDafmjJyIrlBLGwvqYBw2yEIXAXDzDl72uqwRwQBGzty7jS5aPMW rY8lmlJdFRjmu 2IUqEy7vyeqeCCerHRsA7ejuGdFWGSmBzyzznFGw2chRuMZ&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://www.sendconecpttour.com/c?x=BDXG/KqlCMd3LAXiV /gmmueTvs/DbcMO6kP2Gf2cuY=&c=CckEoLU8OR0j37QAoa2Vd93j jtiLgXTOITjjpIjTpZ/lF9FYDfRRGKLuc6g9WWvCroye DZwmqIhESZ0IawswOL7v3h3WJ1hUvsN1piKKYHnK0clW C7tv8n1Dckaf0&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://www.downloadsafecenter.com/c?x=QFPZfsM5w2uaksqGOXFQ2SVv/hGdCTrXfSn5oEkstPc=&c=HkK2d YGY5L6sd7x VjXwoMzCPkcwLgBL8b wRTyKUZorbJ36XPR5vfhUfLhevFHssI8JlQUDavHvDCpR0MJEFBYtSvY UXVjX6ePwjBH3aNvz4L2nSEEcP6ctU1/Fe1&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://www.centralvaulttours.com/c?x=1EDIYU0vDHx9iz7p1f3hJlymDyRYfQSJQwrzYRA/rwM=&c=VK7LsF2t1Kq6u Odma4JUgKZsgEEdGJ1ryt5fWRMnEjDOmD1heszr7iT7g8qqWeNNfs90BJhm6YWvhOmtZk7zgtswJcadIsBTb71peCF99YRtNYMLJMskR3pSWYc3Evo&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://www.bundlesbodyvaults.com/c?x=KZOa1/OdaGnWjne/jtbHA a5CoLyaD3/rtHuGUaEJW4=&c=ipjyD9GsdUgxiscsCjSj2RYPjEHn50gcsfnYa8UdE94XWSv6lwbtypn1es3vb7nvbXhe8DnHEId7cm4rICMdytTYkFFFX8Or6zXnVHocuaEGLNG062RfFdQGXOM4Ebdg&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://www.bytedeliveryapps.com/c?x=EK7XGOfCPm8ue/eivRsE2VHAbn4ZlacO3mkSK2mTQe8=&c=F5BUCTFDj9GZgxt2gkPKOe2zQ4iR12B22gGx2u380sUkTuNZ8VB0VeYsx7/Tr0LRepDMc/zQ1n0Y171m1wplE1BX12o5H/EsmQgCHm2NfAxbAKaZH8hQHJtjWCPsbVHa&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://www.bundlestoursafe.com/c?x=iv093OGSTyRmigGJeGhTFz3oEm0Kn/X/UCnG8A6r7Bo=&c=tOPoz/Xdst7O/SvoXKY6Lp73WUO6JLgumxVghV5ZJZnHxqKWi2X7/4VmVMBjXZ3XpafeRdk1/7gC7g6UNVGiE0i9TGS7HPNlm1XxdUdizgqMgHdWczM 5gs ARGupQJD&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://www.heartchuckleworld.com/c?x=djWssMBXyD/MEw yhmcd5ES4TqU68OyXU8HURGDyRSM=&c=UM50yAYdd2p790jPPPHY8sm11kGq6yElR5Q5yOC AdVwAc7d77zc/Q7B0CJKoNo/8eWnUczi8mbkslXMIWSUHEzQxqC/2jP3If2s2mCjd4wcsE4tOvTcPM92keq97kfD&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://www.newtodaychuckle.com/c?x=BNRnQBCPUIPeGdXEZRD/VnPQt/mw22FnPLKG5/WoQFI=&c=Qv7FkuEoQp twbZALH74maWYB3SzQ8iI2ymNxRDb0OqIY/vZqnzHY9LCOl68p03BJzyEYgT4XX0l17CO3yDrPGEEtMk9/dGPSpirRo8Rq1nqr7f xeVdmDbILX4NM Io&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

Latest 30 of 56 download URLs

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.