setup.exe

Safe Install Software

The application setup.exe by Safe Install Software has been detected as adware by 28 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. The setup program uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from files4.downloadnet230.com.
Publisher:
Supersonic Rapid Installation  (signed by Safe Install Software)

Product:
Supersonic Rapid Installation

Version:
21.3.7.865

MD5:
bdf5da8715e2dd93b6060d0278d6817a

SHA-1:
db78173aa44706a9cbbb6eb56aad0bda51d5e876

SHA-256:
4460882b213e93e18e6033e56e0e66777ef143514fd6984b4a7bb6ebf495ef8a

Scanner detections:
28 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
5/3/2024 4:51:05 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 383 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Bundler | 2015.11.18 |
| AVG | Generic | 2017.0.2861 |
| Baidu Antivirus | PUA.Win32.DownloadAdmin | 4.0.3.16118 |
| Bitdefender | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 1.0.20.90 |
| Bkav FE | W32.HfsAdware | 1.3.0.7383 |
| Clam AntiVirus | Win.Trojan.Downloadadmin-241 | 0.98/21511 |
| Dr.Web | Trojan.Vittalia.1074 | 9.0.1.018 |
| ESET NOD32 | Win32/DownloadAdmin.P potentially unwanted (variant) | 10.12581 |
| Fortinet FortiGate | Riskware/DownloadAdmin | 1/18/2016 |
| F-Secure | Gen:Variant.Application.Bundler | 11.2016-18-01_2 |
| G Data | Gen:Variant.Application.Bundler.DownloadAdmin | 16.1.25 |
| IKARUS anti.virus | PUA.DownloadAdmin | t3scan.1.9.5.0 |
| K7 AntiVirus | Adware | 13.212.17883 |
| Kaspersky | not-a-virus:Downloader.Win32.DownloAdmin | 14.0.0.798 |
| Malwarebytes | PUP.Optional.DownLoadAdmin | v2016.01.18.08 |
| McAfee | Artemis!62F14712DDF0 | 5600.6517 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 17.0.0.54 |
| NANO AntiVirus | Trojan.Win32.Vittalia.dyuiyf | 0.30.26.4751 |
| Panda Antivirus | Generic Suspicious | 16.01.18.08 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1077 |
| Reason Heuristics | PUP.DownloadAdmin.SafeInstallSoftware.Installer (M) | 16.1.18.8 |
| Rising Antivirus | PE:Adware.DownloadAdmin!1.A243 [F] | 23.00.65.16116 |
| Sophos | Generic PUA DN (PUA) | 4.98 |
| SUPERAntiSpyware | | 9378 |
| VIPRE Antivirus | Trojan.Win32.Generic | 45258 |
| Zillya! Antivirus | Adware.BrowseFox.Win32.161818 | 2.0.0.2516 |

File size:
882.3 KB (903,456 bytes)

Product version:
21.3.7.865

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
11/3/2015 8:05:38 AM

Valid to:
9/5/2016 10:47:46 PM

Subject:
CN=Safe Install Software, O=Safe Install Software, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00E7829E9AC810013E

File PE Metadata
Compilation timestamp:
11/27/2014 6:36:32 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:30mTd1gVE2Fel18HeVc9Rz1PPV1guA6MtYc+jJF:kg4V5FKGeVcJRgP6Mtcv

Entry address:
0x3EAA

Entry point:
E8, 71, 96, 00, 00, E9, 73, 8F, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 83, EC, 20, B9, 1E, 00, 00, 00, 8D, 04, 24, EB, 03, 8D, 49, 00, C6, 00, 00, 40, 83, E9, 01, 75, F7, 53, 55, 8B, 6C, 24, 2C, 56, 8B, C5, 57, 8D, 50, 01, 8A, 08, 40, 84, C9, 75, F9, 2B, C2, 8B, F8, 8D, 5F, 02, 53, FF, 15, 1C, F2, 40, 00, 83, C4, 04, 53, 8B, F0, 55, 56, FF, 15, B0, F0, 40, 00, C6, 04, 3E, 00, C6, 44, 3E, 01, 00, 8D, 4C, 24, 10, B8, 14, 04, 00, 00, 51, 89, 74, 24, 1C, C7, 44, 24, 18, 03, 00, 00, 00, 66, 89...
 

Code size:
53.5 KB (54,784 bytes)

The file setup.exe has been seen being distributed by the following URL.
