setup.exe

The application setup.exe has been detected as a potentially unwanted program by 25 anti-malware scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from d24p1vpeyzkq4h.cloudfront.net.

MD5: 281d5ea8c460c768682cdf044a668ae8

SHA-1: dd8dbc916562a4140f60bdd7c20d9de914e31eea

SHA-256: 09aa65030cea17ed31058959cd0910b66936f43d73802c98a4aceb3fd0a4183b

Scanner detections: 25 / 68

Status: Potentially unwanted

Analysis date: 4/29/2024 10:36:41 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.DealPly.BK | 355 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Upatre | 2015.09.25 |
| Avira AntiVirus | TR/Kryptik.abbohc | 8.3.2.2 |
| Arcabit | Adware.DealPly.BK | 1.0.0.567 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-160215 |
| AVG | DealPly | 2017.0.2833 |
| Baidu Antivirus | PUA.Win32.DealPly | 4.0.3.16215 |
| Bitdefender | Adware.DealPly.BK | 1.0.20.230 |
| Emsisoft Anti-Malware | Adware.DealPly.BK | 8.16.02.15.04 |
| ESET NOD32 | Win32/DealPly.BP potentially unwanted (variant) | 10.12296 |
| Fortinet FortiGate | Riskware/DealPly | 2/15/2016 |
| F-Prot | W32/Graftor.CB.gen | v6.4.7.1.166 |
| F-Secure | Adware.DealPly.BK | 11.2016-15-02_2 |
| G Data | Adware.DealPly.BK | 16.2.25 |
| K7 AntiVirus | Adware | 13.210.17326 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.659 |
| McAfee | Artemis!281D5EA8C460 | 5600.6489 |
| MicroWorld eScan | Adware.DealPly.BK | 17.0.0.138 |
| NANO AntiVirus | Trojan.Win32.Kryptik.duvjgb | 0.30.26.3725 |
| nProtect | Adware.DealPly.BK | 15.09.24.01 |
| Qihoo 360 Security | HEUR/QVM05.1.Malware.Gen | 1.0.0.1015 |
| Sophos | Generic PUA NN (PUA) | 4.98 |
| SUPERAntiSpyware | Adware.DealPly/Variant | 9323 |
| VIPRE Antivirus | Trojan.Win32.Generic | 44022 |

File size: 445 KB (455,680 bytes)

File type: Executable application (Win32 EXE)

Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

File PE Metadata

Compilation timestamp: 6/20/1992 12:22:17 AM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 2.25

CTPH (ssdeep): 12288:vwj377j9YMYBMqTG14k3JAvYkvdcpr9b636A4YSY+zN:vwjT9YpJaeYScRI3sN

Entry address: 0x60B14

Entry point: 55, 8B, EC, 83, C4, F0, B8, 7C, 09, 46, 00, E8, 00, 63, FA, FF, E8, CB, 1E, FA, FF, 3D, C1, 00, 00, 00, 0F, 85, D8, 00, 00, 00, 00, 2E, 79, 05, 70, B5, 7C, 00, 57, 66, 0C, 00, 67, B3, 7C, 00, 1E, 5F, 0D, 00, A7, 49, 7E, 00, 49, 98, 91, 00, 61, 47, 00, 00, 79, 78, 0C, 00, 00, 2E, 79, 05, 70, B5, 7C, 00, 57, 66, 0C, 00, 67, B3, 7C, 00, 1E, 5F, 0D, 00, A7, 49, 7E, 00, 22, B5, 7C, 00, 61, 47, 00, 00, 79, 78, 0C, 00, 00, 2E, 79, 05, 49, 98, 91, 00, 57, 66, 0C, 00, 67, B3, 7C, 00, 49, 98, 91, 00, A7, 49, 7E, 00...

Developed / compiled with: Microsoft Visual C++

Code size: 383.5 KB (392,704 bytes)

The file setup.exe has been seen being distributed by the following URL.
