setup.exe

RapidMediaConverterSetup.exe

Applon

The application setup.exe by Applon has been detected as adware by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, and it is typically executed from the user's temporary directory. The file has been seen downloaded from i.allfreeapps.net and multiple other hosts.
Publisher:
Applon  (signed and verified)

Product:
RapidMediaConverterSetup.exe

Version:
1.0.0.7

MD5:
3bd0b80013b2dd647d67282e4896a1b1

SHA-1:
d4c482963c2ee680d91f270453c645b23393d439

SHA-256:
7632d4b29e476ebe3532fac01096c55cf17636e8b32048d0b94f90a15aa97167

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/19/2024 6:23:04 PM UTC

Scan engine: Reason Heuristics
Detection: PUP.Installer.Applon.F
Engine version: 14.8.8.0

Scan engine: VIPRE Antivirus
Detection: Rocketfuel Installer
Engine version: 31290

File size:
112.7 KB (115,376 bytes)

Product version:
1.0.0.7

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/10/2013 7:00:00 PM

Valid to:
8/11/2014 6:59:59 PM

Subject:
CN=Applon, O=Applon, STREET=44 Primrose Crescent, L=SUNDERLAND, S=Tyne and Wear, PostalCode=SR6 9RJ, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
61D4C21BAC72FFC01DD91677B59DA3E6

File PE Metadata
Compilation timestamp:
12/5/2009 4:52:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:EumhxebkJf+FTXJlcrwF8DRieJeg9gBAZwZTaJIAcbSmHkavcmQCI:EuxkZuTXJusF80eogaK2ZTaivc3CI

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...
 
Entropy:
7.1330

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file setup.exe has been seen being distributed by the following 3 URLs.
