» setup.exe
Overview
Analysis
File Details

setup.exe

Media Player

Conversionads

The application setup.exe, “Media Player Setup ” by Conversionads has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs.

File name:

setup.exe

Publisher:

Conversionads (signed and verified)

Product:

Media Player

Description:

Media Player Setup

MD5:

9df21dcaa576567e5f8b6583ff12c630

SHA-1:

e391e6f776cb21b43c7d1b5a64f4175ae9e034c9

SHA-256:

f86b2e7dbfbf4f5a879e39fade7e09fafbc1a6727a6aa576cce631244d3d5a54

Scanner detections:

4 / 68

Status:

Adware

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:

4/18/2024 10:06:38 PM UTC (today)

Scan engine

Detection

Engine version

AVG

Agent.F

2015.0.3305

Fortinet FortiGate

W32/OutBrowse.C

10/31/2014

Reason Heuristics

PUP.Installer.Conversionads.F

14.10.31.5

Sophos

Conversion Ads

4.84

File size:

29.3 MB (30,712,128 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Digital Signature

Signed by:

Conversionads

Authority:

COMODO CA Limited

Valid from:

5/30/2012 9:30:00 AM

Valid to:

5/31/2013 9:29:59 AM

Subject:

CN=Conversionads, O=Conversionads, STREET=Am Weinberg 5, L=Neubeuern, S=Neubeuern, PostalCode=83115, C=DE

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00F87F8F45F7BF3EBF80C41AFC59A6916A

File PE Metadata

Compilation timestamp:

6/20/1992 7:52:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

786432:U9waph8K6mdBOTYpT/Y/zPBbe88Hn/Xk42IML/g:U9rtdB1kjBi8Afx2Il

Entry address:

0x9C18

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, AE, 94, FF, FF, E8, B5, A6, FF, FF, E8, 44, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, D4, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 9D, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 5A, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD... 
[+]

Entropy:

7.9999

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.