setup.exe

Conversionads

The application setup.exe by Conversionads has been detected as adware by 14 of 68 anti-malware scanners. It is built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from download.thefamilytreemaker.org.
Publisher:
Conversionads (signed and verified)

MD5:
64e387ea3f640e430c0633918035f5f5

SHA-1:
ea49d7132f01f6a5a04a5d25d8c83cf47b219f39

SHA-256:
d85777cc02153af29bc14cd8d65e8604b758f4dea94054163ea8d55ec8066dc4

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
5/21/2024 12:42:37 PM UTC

Scan engine             Detection                                     Engine version
Avira AntiVirus         (not listed)                                  7.11.170.74
AVG                     Agent.F                                       2015.0.3334
Baidu Antivirus         Adware.Win32.InstallCore                      4.0.3.14101
Comodo Security         UnclassifiedMalware                           19385
Dr.Web                  Adware.InstallCore.55                         9.0.1.0274
ESET NOD32              Win32/InstallCore.AG (variant)                8.10346
Fortinet FortiGate      Riskware/InstallCore.AG                       10/1/2014
F-Prot                  W32/InstallCore.V2.gen                        v6.4.7.1.166
Reason Heuristics       PUP.Installer.Conversionads.F                 14.10.1.14
Rising Antivirus        PE:Trojan.Win32.Generic.130A969B!319461019    23.00.65.14929
Sophos                  Conversion Ads                                4.98
Trend Micro House Call  TROJ_SPNR.0BI612                              7.2.274
Trend Micro             TROJ_SPNR.0BI612                              10.465.01
Vba32 AntiVirus         BScope.Malware-Cryptor.InstallCore.2691       3.12.26.3
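The detection names above disagree on category (adware, riskware, PUP, trojan) while most of them agree on the family. The script below is an added example, not Reason Core Security's code: it normalises the labels copied from the table into a family vote and a category tally, which is how a triage analyst separates "six engines say InstallCore" from the generic Trojan heuristics. The NOISE, ALIASES and category word lists are assumptions tuned to these labels, not an industry-standard mapping, and Avira's row is carried as an empty label because the page lists none.

```python
"""Normalise heterogeneous AV labels into a family vote and a category count (added example)."""
import re
from collections import Counter

# Labels copied from the scanner table above; Avira's row lists no detection name, so "".
DETECTIONS = [
    ("Avira AntiVirus", ""),
    ("AVG", "Agent.F"),
    ("Baidu Antivirus", "Adware.Win32.InstallCore"),
    ("Comodo Security", "UnclassifiedMalware"),
    ("Dr.Web", "Adware.InstallCore.55"),
    ("ESET NOD32", "Win32/InstallCore.AG (variant)"),
    ("Fortinet FortiGate", "Riskware/InstallCore.AG"),
    ("F-Prot", "W32/InstallCore.V2.gen"),
    ("Reason Heuristics", "PUP.Installer.Conversionads.F"),
    ("Rising Antivirus", "PE:Trojan.Win32.Generic.130A969B!319461019"),
    ("Sophos", "Conversion Ads"),
    ("Trend Micro House Call", "TROJ_SPNR.0BI612"),
    ("Trend Micro", "TROJ_SPNR.0BI612"),
    ("Vba32 AntiVirus", "BScope.Malware-Cryptor.InstallCore.2691"),
]

# Tokens that name a platform, a category or a heuristic rather than a family (assumed list).
NOISE = {
    "win32", "w32", "pe", "adware", "riskware", "pup", "pua", "trojan", "troj",
    "malware", "cryptor", "bscope", "installer", "variant", "gen", "generic",
    "agent", "unclassifiedmalware", "spnr",
}
# Sophos writes the publisher as "Conversion Ads"; fold it onto Reason's token (assumption).
ALIASES = {"conversion": "conversionads"}
PUA_WORDS = ("adware", "riskware", "pup", "pua", "unwanted")
MALWARE_WORDS = ("trojan", "troj", "malware", "cryptor", "virus", "worm")


def family(label: str):
    """Return the first alphabetic, non-noise token of at least four letters, or None."""
    for tok in re.split(r"[^a-z0-9]+", label.lower()):
        if len(tok) < 4 or not tok.isalpha() or tok in NOISE:
            continue  # drops suffixes (.F, .AG, .V2), hex ids and category words
        return ALIASES.get(tok, tok)
    return None


def category(label: str) -> str:
    """Classify a label as pua, malware or unspecified by the category words it carries."""
    low = label.lower()
    if any(w in low for w in PUA_WORDS):
        return "pua"
    if any(w in low for w in MALWARE_WORDS):
        return "malware"
    return "unspecified"


def summarize(detections, engines_total: int) -> dict:
    """Tally family votes and categories; the top family is the key to triage on."""
    families = Counter(f for f in (family(lbl) for _, lbl in detections) if f)
    categories = Counter(category(lbl) for _, lbl in detections)
    top, votes = families.most_common(1)[0] if families else (None, 0)
    return {
        "detections": len(detections),
        "engines": engines_total,
        "family": top,
        "family_votes": votes,
        "families": dict(families),
        "categories": dict(categories),
    }


if __name__ == "__main__":
    print(summarize(DETECTIONS, 68))
```

For this table the family vote is InstallCore by a wide margin, with the two Trend Micro entries, Rising and Comodo contributing only generic "trojan"/"malware" labels and no family; that split, rather than the raw 14/68 count, is what supports the page's "Adware" verdict.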

File size:
1.1 MB (1,103,952 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\programs\setup.exe

Digital Signature
Signed by:
Conversionads
Authority:
COMODO CA Limited

Valid from:
5/30/2012 3:00:00 AM

Valid to:
5/31/2013 2:59:59 AM

Subject:
CN=Conversionads, O=Conversionads, STREET=Am Weinberg 5, L=Neubeuern, S=Neubeuern, PostalCode=83115, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F87F8F45F7BF3EBF80C41AFC59A6916A
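The certificate above expired on 5/31/2013, yet the page reports the signature as verified on 5/21/2024. Under Authenticode that is only possible if the signature carries a trusted timestamp countersignature placing the signing inside the certificate's validity window; the page does not show that timestamp. The script below is an added example, not Reason Core Security's code: it parses the Subject and Issuer strings from this page and applies the expired-certificate rule. The page gives no time zone for the validity dates, so UTC is assumed, and the countersignature time used in the demonstration is invented.

```python
"""Authenticode validity check for a signature under a now-expired certificate (added example)."""
import re
from datetime import datetime, timezone

# Copied from the Digital Signature block above; UTC is an assumption.
NOT_BEFORE = datetime(2012, 5, 30, 3, 0, 0, tzinfo=timezone.utc)
NOT_AFTER = datetime(2013, 5, 31, 2, 59, 59, tzinfo=timezone.utc)
ANALYSIS_TIME = datetime(2024, 5, 21, 12, 42, 37, tzinfo=timezone.utc)
SUBJECT = ("CN=Conversionads, O=Conversionads, STREET=Am Weinberg 5, "
           "L=Neubeuern, S=Neubeuern, PostalCode=83115, C=DE")
ISSUER = ("CN=COMODO Code Signing CA 2, O=COMODO CA Limited, "
          "L=Salford, S=Greater Manchester, C=GB")


def parse_dn(dn: str) -> dict:
    """Split a comma-separated DN into attribute -> value (escaped commas are not handled)."""
    return dict(re.findall(r"([A-Za-z]+)=([^,]*)", dn))


def authenticode_status(not_before, not_after, verify_at, countersign_at=None) -> str:
    """Apply the Authenticode rule for expired signing certificates.

    A signature stays valid after the certificate expires only if a trusted
    timestamp countersignature proves it was made while the certificate was valid.
    """
    if not_before <= verify_at <= not_after:
        return "valid"
    if countersign_at is not None and not_before <= countersign_at <= not_after:
        return "valid-timestamped"
    if verify_at > not_after:
        return "expired-untimestamped"
    return "not-yet-valid"


def publisher_matches(subject_dn: str, expected_cn: str) -> bool:
    """Check that the certificate's CN is the publisher named on the page."""
    return parse_dn(subject_dn).get("CN") == expected_cn


if __name__ == "__main__":
    print(parse_dn(SUBJECT))
    print(authenticode_status(NOT_BEFORE, NOT_AFTER, ANALYSIS_TIME))
    # Invented countersignature time, to show the timestamped path.
    print(authenticode_status(NOT_BEFORE, NOT_AFTER, ANALYSIS_TIME,
                              datetime(2012, 8, 1, tzinfo=timezone.utc)))
```

In practice, treat "signed and verified" on a sample with an expired certificate as "signed, timestamped before expiry" and confirm the countersignature yourself (Get-AuthenticodeSignature on Windows shows the timestamp signer); a valid signature from a legitimate German publisher does not change the adware verdict, it only tells you who shipped the bundler.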

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM (not a real build date: the Delphi linker writes the fixed value 0x2A425E19, 1992-06-19 22:22:17 UTC, into every image it links, and the date shown here is evidently that constant rendered in a local time zone)

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:IonDXPWboTOTHgPlG8PVJ4peJHnor08YNVdKg/kkkWw0KcI:IODOUT8Zk3o0dKnR

Entry address:
0xCE6B0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 54, EB, 41, 00, E8, 9D, E9, FF, FF, 7B, 0C, 3B, CF, 75, 05, 29, 73, 0C, EB, 26, 8B, 0A, 03, 4A, 04, 89, 0C, 24, 2B, F9, 89, 7C, 24, 04, 8B, 12, 2B, D0, 89, 53, 0C, 8B, D4, 8B, C3, E8, D0, FE, FF, FF, 84, C0, 75, 04, 33, C0, EB, 0C, B0, 01, EB, 08, 8B, 1B, 3B, FB, 75, 85, 33, C0, 59, 5A, 5D, 5F, 5E, 5B, C3, 90, 53, 56, 57, 8B, DA, 8B, F0, 81, FE, 00, 00, 10, 00, 7D, 07, BE, 00, 00, 10, 00, EB, 0C, 81, C6, FF, FF, 00, 00, 81, E6, 00, 00, FF, FF, 89, 73, 04, 6A, 01, 68, 00, 20, 00...

Entropy:
6.9745

Developed / compiled with:
Borland Delphi (inferred from linker version 2.25 and the fixed 1992 compilation timestamp, both Delphi-linker fingerprints; the tool's automatic attribution of Microsoft Visual C++ is inconsistent with those fields)

Code size:
841 KB (861,184 bytes)
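Every field in the PE metadata block above comes straight out of the COFF and optional headers, and reading them yourself is the quickest way to catch a tool's mis-attribution (here, the compiler). The script below is an added example, not Reason Core Security's code: build_sample_pe() assembles a minimal, non-runnable PE32 image whose headers mirror this page (linker 2.25, the Delphi timestamp constant, OS version 4.0, Windows GUI subsystem) and whose code section begins with the 16 entry-point bytes listed above, and parse_pe() reads the fields back and computes file and per-section Shannon entropy. The section layout, entry RVA and the SHA-256-chain filler standing in for packed code are assumptions; the sample is not this setup.exe.

```python
"""Parse the PE header fields reported above and compute entropy, on a constructed sample (added example)."""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

DELPHI_TIMESTAMP = 0x2A425E19  # constant the Delphi linker writes: 1992-06-19 22:22:17 UTC
ENTRY_BYTES = bytes.fromhex("558BEC83C4F0B854EB4100E89DE9FFFF")  # first 16 entry bytes from the page
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
OPT32_FMT = "<HBBIIIIIIIIIHHHHHHIIIIHH"  # PE32 optional header through DllCharacteristics
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER


def filler(n: int, seed: bytes = b"setup.exe sample") -> bytes:
    """Deterministic high-entropy bytes (a SHA-256 chain) standing in for packed code (assumption)."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte, 0.0 to 8.0; packed or encrypted data sits near 8."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def digests(data: bytes) -> dict:
    """The three hashes the page lists, for matching a local copy against it."""
    return {"md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def build_sample_pe() -> bytes:
    """Constructed sample: DOS stub, PE signature, COFF header, PE32 optional header, one .text section."""
    code = ENTRY_BYTES + filler(4096 - len(ENTRY_BYTES))
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, DELPHI_TIMESTAMP, 0, 0, 224, 0x010F)  # i386, 1 section
    opt = struct.pack(OPT32_FMT,
                      0x10B, 2, 25,              # PE32 magic, linker 2.25
                      len(code), 0, 0,           # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
                      0x1000, 0x1000, 0,         # AddressOfEntryPoint (assumed), BaseOfCode, BaseOfData
                      0x400000, 0x1000, 0x200,   # ImageBase, SectionAlignment, FileAlignment
                      4, 0, 0, 0, 4, 0,          # OS 4.0, image 0.0, subsystem 4.0
                      0, 0x2000, 0x400, 0,       # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0)                      # Subsystem = Windows GUI, DllCharacteristics
    opt = opt.ljust(224, b"\0")  # data directories left zero
    sect = struct.pack(SECTION_FMT, b".text\0\0\0", len(code), 0x1000, len(code), 0x400,
                       0, 0, 0, 0, 0x60000020)  # code | execute | read
    header = bytes(dos) + b"PE\0\0" + coff + opt + sect
    return header.ljust(0x400, b"\0") + code


def parse_pe(data: bytes) -> dict:
    """Read the fields this page reports from the headers of a PE32 file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    f = struct.unpack_from(OPT32_FMT, data, opt_off)
    if f[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(SECTION_FMT, data, opt_off + opt_size + 40 * i)[:5]
        sections.append({"name": name.rstrip(b"\0").decode(), "vaddr": vaddr, "vsize": vsize,
                         "rawptr": rawptr, "rawsize": rawsize,
                         "entropy": round(shannon_entropy(data[rawptr:rawptr + rawsize]), 4)})
    entry_rva = f[6]  # map the RVA to a file offset through the section that contains it
    entry_off = next((s["rawptr"] + entry_rva - s["vaddr"] for s in sections
                      if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["rawsize"])), None)
    return {
        "bitness": "Win32" if machine == 0x14C else hex(machine),
        "compile_time": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
        "delphi_linker_constant": stamp == DELPHI_TIMESTAMP,
        "linker_version": f"{f[1]}.{f[2]}",
        "code_size": f[3],
        "os_version": f"{f[12]}.{f[13]}",
        "subsystem": SUBSYSTEMS.get(f[22], str(f[22])),
        "entry_rva": hex(entry_rva),
        "entry_bytes": " ".join(f"{b:02X}" for b in data[entry_off:entry_off + 16]) if entry_off is not None else None,
        "file_entropy": round(shannon_entropy(data), 4),
        "sections": sections,
    }


if __name__ == "__main__":
    print(parse_pe(build_sample_pe()))
```

Run it against a real sample with parse_pe(open(path, "rb").read()) and check digests() against the MD5/SHA-1/SHA-256 listed above before trusting any other field; a whole-file entropy of 6.97 as reported for this setup.exe is typical of an installer that carries a compressed payload, and per-section entropy shows which section holds it.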

The file setup.exe has been seen being distributed from download.thefamilytreemaker.org.

Analysis powered by Reason Core Security.