» setup.exe
Overview
Analysis
File Details
Downloads (1)

setup.exe

Desktop Recipe

Exciting Technology

The application setup.exe by Exciting Technology has been detected as a potentially unwanted program by 19 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from heroic.vanosystem.com.

File name:

setup.exe

Publisher:

Exciting Technology (signed and verified)

Product:

Desktop Recipe

Version:

3.0.86.1

MD5:

e28688caf47b72f59c88aa26ca675108

SHA-1:

dd9c49a756d9668946ab15a7522059f86ac73b7c

SHA-256:

545293c6814348a4c379a25c6eaa6b34fff3f70efa16494da6e5c3d3d6f46634

Scanner detections:

19 / 68

Status:

Potentially unwanted

Analysis date:

8/10/2025 3:03:22 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Kazy.722038

471

Avira AntiVirus

ADWARE/PullUpdate.Gen7

8.3.2.2

AVG

Downloader

2016.0.2949

Bitdefender

Gen:Variant.Adware.Kazy.722038

1.0.20.1470

Comodo Security

ApplicUnwnt

23323

Emsisoft Anti-Malware

Gen:Variant.Adware.Kazy.722038

8.15.10.21.11

ESET NOD32

MSIL/Adware.PullUpdate.J.gen (variant)

9.12330

F-Secure

Gen:Variant.Adware.Kazy

11.2015-21-10_4

G Data

Gen:Variant.Adware.Kazy.722038

15.10.25

IKARUS anti.virus

Trojan.Win32.SelfDel

t3scan.1.9.5.0

K7 AntiVirus

Adware

13.210.17372

Malwarebytes

PUP.Optional.PullUpdate

v2015.10.21.11

McAfee

Artemis!012428023337

5600.6605

MicroWorld eScan

Gen:Variant.Adware.Kazy.722038

16.0.0.882

Reason Heuristics

PUP.Injekt.ExcitingTechnology.Installer (M)

15.10.21.23

Rising Antivirus

PE:Malware.RDM.09!5.F[F1]

23.00.65.151019

Sophos

Generic PUA MB (PUA)

4.98

Vba32 AntiVirus

Trojan.SelfDel

3.12.26.4

Zillya! Antivirus

Adware.PullUpdate.Win32.31366

2.0.0.2421

File size:

5.1 MB (5,364,200 bytes)

Product version:

3.0.86.1

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\bfi48k1ixp\setup.exe

Digital Signature

Signed by:

Exciting Technology

Authority:

Symantec Corporation

Valid from:

1/21/2015 4:00:00 PM

Valid to:

1/22/2016 3:59:59 PM

Subject:

CN=Exciting Technology, O=Exciting Technology, L=St. Michael, S=St. Michael, C=BB

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

78090672DF6104656959D799BD62B471

File PE Metadata

Compilation timestamp:

10/19/2015 10:23:44 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

98304:PGRCPgjEWmpfgNYVuJHjvaSHtWTJ0a8liyGoHAtKfZFdhzS+Nj+uDfKFRRRRVQIY:PMIC2gNYVIdNWTJ0a8lfGogtKf1h/N+E

Entry address:

0x6EA7

Entry point:

E8, CF, 7D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F0, 35, 42, 00, E8, D3, 55, 00, 00, E8, 54, 2A, 00, 00, 0F, B7, F0, 6A, 02, E8, 62, 7D, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 74, 53, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

7.8407 (probably packed)

Code size:

106.5 KB (109,056 bytes)

The file setup.exe has been seen being distributed by the following URL.

http://heroic.vanosystem.com/dtr/.../Setup.exe

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.