setup.exe

program A own combined

Sergiy Maratov

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application setup.exe by Sergiy Maratov has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the WebPick InstalleRex installer. While running, it connects to the Internet address r1.stylezip.info on port 80 using the HTTP protocol.
Publisher:
security around (signed by Sergiy Maratov)

Product:
program A own combined

Version:
9.7.0.0

MD5:
7212d4cb6ac382eb45e8241e305179d7

SHA-1:
e0335eb0bc72838e92026597e9a380ffe45a12b4

SHA-256:
587955cb4302b5a788571b602f3dd92482523eb99b72f8645bcac9a2c96cc419

Scanner detections:
16 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/19/2024 2:43:40 AM UTC

Scan engine              Detection                                     Engine version
Lavasoft Ad-Aware        Gen:Variant.Adware.Dropper.103                918
Avira AntiVirus          ADWARE/Adware.Gen                             7.11.164.206
avast!                   Win32:MultiPlug-BF [PUP]                      140617-1
AVG                      Adware Generic5.BDQV                          2014.0.3986
Bitdefender              Gen:Variant.Adware.Dropper.103                1.0.20.1060
Comodo Security          Application.Win32.Multiplug.R                 19039
Emsisoft Anti-Malware    Gen:Variant.Adware.Dropper.103                8.14.07.31.04
ESET NOD32               Win32/AdWare.MultiPlug.AG application         7.0.302.0
F-Secure                 Gen:Variant.Adware.Dropper.103                11.2014-31-07_5
G Data                   Gen:Variant.Adware.Dropper.103                14.7.24
IKARUS anti.virus        AdWare.Graftor                                t3scan.1.6.1.0
Malwarebytes             PUP.Optional.Multiplug                        v2014.07.31.04
McAfee                   PUP-FLT                                       5600.7052
MicroWorld eScan         Gen:Variant.Adware.Dropper.103                15.0.0.636
Panda Antivirus          Trj/Genetic.gen                               14.07.31.04
Reason Heuristics        PUP.Installer.SergiyMaratov.F                 14.7.31.14

File size:
1.9 MB (1,979,752 bytes)

Product version:
9.7.0.0

Copyright:
Copyright (c) 2014

Original file name:
if take

File type:
Executable application (Win32 EXE)

Bundler/Installer:
WebPick InstalleRex

Language:
English (United Kingdom)

Common path:
C:\Program Files\reason\should i remove it\setup.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/24/2014 4:43:54 PM

Valid to:
6/24/2015 4:43:54 PM

Subject:
E=SergiyIvanovich@hotmail.com, CN=Sergiy Maratov, O=Sergiy Maratov, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
774A5B60838D600A3706CAB0BC5A6286

File PE Metadata
Compilation timestamp:
7/31/2014 10:01:57 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:iZChiAcN/GKR2NDq/eaeDb824ACGcHc/uxAii6apwSP6RqF2:iZChiwKR2ND690g2JwcTJwSP6Rqc

Entry address:
0x17F7B

Entry point:
E8, 97, 7C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 60, DE, 42, 00, E8, 6F, 0D, 00, 00, E8, A2, 03, 00, 00, 0F, B7, F0, 6A, 02, E8, 2A, 7C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, E3, 44, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
7.9042  (probably packed)

Code size:
137.5 KB (140,800 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to r1.stylezip.info  (54.186.255.26:80)

TCP (HTTP):
Connects to c1.stylezip.info  (54.186.255.26:80)

http://c1.stylezip.info/?step_id=1&installer_id=8396772&publisher_id=396&source_id=0&page_id=0&country_code=US&locale=US&browser_id=4&download_id=25190316&external_id=0&session_id=50380632&hardware_id=58777404&installer_file_name=setup
