setup.exe

Installer

Stepitapp LLC

The application setup.exe by Stepitapp LLC has been detected as adware by 14 of 68 anti-malware scanners. The file has been seen downloaded from www.mydownloadhome.com and multiple other hosts. While running, it connects to www.ibbalance.com on TCP port 443 (HTTPS) and to www.softologic.com on TCP port 80 (HTTP).
Publisher:
Stepitapp LLC  (signed and verified)

Product:
Installer

Version:
1.0.0.0

MD5:
b659e91c08aaccb7d235ab6993a84acb

SHA-1:
eb3814b97df4cc5c08e0a50c374dbb5d6df5b156

SHA-256:
0c08d90b0ff11ed824907511a6e2ebb762f80f825c8c4d5caf549d5de8d0ea8e

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:
4/26/2024 11:16:05 AM UTC

Scan engine              Detection                                Engine version
avast!                   Win32:Dropper-gen [Drp]                  2014.9-140811
Dr.Web                   Adware.Downware.5822                     9.0.1.0223
Fortinet FortiGate       Riskware/Agent                           8/11/2014
G Data                   Win32.Trojan.Agent.J4OWYP                14.8.24
IKARUS anti.virus        Trojan.Win32.Agent                       t3scan.1.6.1.0
Kaspersky                not-a-virus:Downloader.Win32.Agent       14.0.0.3422
McAfee                   Artemis!B659E91C08AA                     5600.7041
Panda Antivirus          Trj/Chgt.A                               14.08.11.02
Qihoo 360 Security       Malware.Radar03.Gen                      1.0.0.1015
Quick Heal               Downloader.Agent.r3 (Not a Virus)        8.14.14.00
Reason Heuristics        PUP.Installer.Stepitapp.F                14.8.11.14
Trend Micro House Call   Suspicious_GEN.F47V0630                  7.2.223
Vba32 AntiVirus          Downloader.Agent                         3.12.26.3
VIPRE Antivirus          Conduit                                  31506

File size:
395.9 KB (405,424 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
FinalInstaller.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
Stepitapp LLC
Authority:
COMODO CA Limited

Valid from:
12/10/2013 7:00:00 PM

Valid to:
12/11/2014 6:59:59 PM

Subject:
CN=Stepitapp LLC, O=Stepitapp LLC, POBox=1252, STREET=9 W. 31st Street, L=Bayonne, S=New Jersey, PostalCode=07002, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EA7DEF51F4F715C2C81433CCD6B15766

File PE Metadata
Compilation timestamp:
6/29/2014 3:24:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:TlW02cC3ibqI59PpOPf201/z7pAmJI9ftRHe7o0:TlWt3ibqI59Pk2cb7pAmJ0ftRgr

Entry address:
0x610EE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
The first six bytes, FF 25 00 20 40 00, decode to jmp dword ptr [0x00402000]: the single native instruction at the entry point of a .NET PE32 image, which jumps through the import address table to mscoree's _CorExeMain so the CLR can load and run the managed entry point. This is consistent with the ".NET CLR dependent: Yes" and "Visual C# / Basic .NET" fields below; the bytes shown after the stub are zeros.

Entropy:
6.1834

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
380.5 KB (389,632 bytes)
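The PE metadata above (compile timestamp, linker version, entry address, subsystem, OS version, .NET dependency) can be read straight from the headers without executing the file. The following is an added example for this page, not Reason Core Security's own tooling: a small PE32 header reader in Python plus a decoder for the entry-point stub. build_sample_header() is a constructed header whose field values mirror the report so the script runs offline; the CLR directory RVA and size in it are assumed values, and the report's compile timestamp is assumed to be UTC.

```python
"""Read the PE header fields this report lists (compile timestamp, linker
version, entry point RVA, subsystem, OS version, CLR dependency) from a
Win32 image, and decode the entry-point stub.

Added example for this page; it is not Reason Core Security's tooling.
build_sample_header() is a constructed minimal PE32 header whose field
values mirror the report, so the script runs without the real file.
"""
import struct
from datetime import datetime, timezone
from typing import Optional

IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14   # data-directory slot of the CLR header
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Parse the DOS header, COFF header and PE32 optional header from raw bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, ..., SizeOfOptionalHeader
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24                                       # optional header start
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic != 0x10B:                                      # 0x20B (PE32+) has other offsets
        raise ValueError("only PE32 (32-bit) images are handled here")
    linker_major, linker_minor = struct.unpack_from("<BB", data, opt + 2)
    size_of_code = struct.unpack_from("<I", data, opt + 4)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    num_dirs = struct.unpack_from("<I", data, opt + 92)[0]
    clr_rva = clr_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR:
        clr_rva, clr_size = struct.unpack_from(
            "<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR)
    return {
        "machine": machine,
        "sections": nsections,
        # TimeDateStamp is seconds since the Unix epoch, written by the linker
        # and trivially forgeable: treat it as a hint, not evidence.
        "compiled_utc": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
        "linker_version": f"{linker_major}.{linker_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "size_of_code": size_of_code,
        "entry_rva": entry_rva,
        "entry_va": image_base + entry_rva,
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        # A non-empty COM descriptor directory is what marks a managed (.NET) image.
        "clr_dependent": clr_size != 0,
    }


def decode_entry_stub(stub: bytes) -> Optional[str]:
    """Decode an `FF 25 disp32` entry stub (jmp dword ptr [abs32]).

    In a managed PE32 image this is the only native code at the entry point:
    it jumps through the import address table to mscoree!_CorExeMain, which
    loads the CLR and runs the managed entry point."""
    if len(stub) >= 6 and stub[:2] == b"\xff\x25":
        target = struct.unpack_from("<I", stub, 2)[0]
        return f"jmp dword ptr [0x{target:08X}]"
    return None


def build_sample_header() -> bytes:
    """Constructed minimal PE32 header mirroring the report (not the real file)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew -> PE signature
    # i386, 3 sections, 2014-06-29 15:24:52 UTC, 224-byte optional header, EXE|32BIT
    coff = struct.pack("<HHIIIHH", 0x014C, 3, 1404055492, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                     # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<BB", opt, 2, 11, 0)                   # linker 11.0
    struct.pack_into("<I", opt, 4, 389632)                   # SizeOfCode
    struct.pack_into("<I", opt, 16, 0x610EE)                 # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                # ImageBase
    struct.pack_into("<HH", opt, 40, 4, 0)                   # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                       # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * 14, 0x2008, 72)    # CLR header RVA/size (assumed)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_header()).items():
        print(f"{key:>16}: {value}")
    print(decode_entry_stub(bytes.fromhex("ff25002040000000")))
```

To run it against the real file, pass open(path, "rb").read() to parse_pe_header(). The timestamp check is only a consistency hint: a compile time that falls outside the signing certificate's validity window is worth a second look, but agreement proves nothing, since the linker's TimeDateStamp can be set to any value.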

The file setup.exe has been seen being distributed by 12 URLs, two of which are listed below. Their query strings carry per-campaign affiliate tracking values (pub_id, sub_id, dp2), so the hostnames, not the full URLs, are the stable indicators.

http://www.mydownloadhome.com/.../2?pub_id=88&sub_id=M1q3JoVc6IHjIihAdNXkGkkZmrxQEm5CfLod_qpgfohQ7bJSihSro0GBPt2QgFq2fx4Tkdx9WExdMSdheCHcHTWYVLeXGJQxL7DmWSlAcFJIzZ94ltsTQ7zQkIe0OES12kR2pyXi6AWxsQn4e_ALWvPdl3_MPq-oL24eMUbNNayKRf-DmYrX0JPuv78zN9pe8zTTDxbmIRd3zsR9GhOtv96IjQOnGcSNDVkR4m5wUyyK_0Mq2bWPi-J9HLk_MYDDdzZhaQrQNWCMlx30DnB4RnbkMp8t8t6c6w8mt1z-WQPh3Iqepew26ixPsszXZB_fVlIaSb13V0_cDxqmeg4wdQLmMvpSYVS4-ZPtd1_zOw3qAPX9LlbwazA9nlE1M0So_G_VeWrjo4zVKd25VVrcm9xxGouUd_enl69GCyp6toQ3

http://network.adsmarket.com/.../jmNpnWecqZmIY2mcX8p6w4iQa5hhonuYiGOYlmOhfJyJkGqXY6R8lbdqcZVhnXw?dp2=tAsBIVhGO-tHcZ-uPE3YtE4Z9Ud8yDjxXYnkF2n07ZL9CJ7-msLRlxIjbeNy2f2KnNWhL5Pxbg6eq-yHaFndy-FW78QuSUcGG_tHPIKoHjQi_zjHnKMPnfrztqwPpCPgMx2luBt9ZSk8g3CydAVggbjdILHEC7v67HuouwXhdcM8aWsHrto1OmQIXtIW2h3lgs2bF71qcUDM56RxY_T7rQSuMiNMeuhf2HmBlQ_JApJqlFdVkXQUNL4bQqLpot9P4wNNFVhQYUb3h5L8WM_SOD2xr_fi82G7BbRXkiqTaowQrLAfdqF-LtKqm0Tn5rfpWL6xGNXJm5bIwEhSSSxb5Kh0nq-7D8w_vPU1FBuw2cNASQtLibtabdVwa4ZKAUiDu0kxdH-whWbFlhaq85lu0UO1hXL47j2QKw8Q0VbrYxASuQ

While executing, the file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

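To turn the report's hashes, download hosts and contacted addresses into something a SOC can sweep for, here is an added example (not the page's or Reason Core Security's code) that extracts digests, hostnames and IPs from proxy and Sysmon-style log lines and matches them against the indicators listed above. The log lines in SAMPLE_LOG are constructed for the example; the log field layout and the host www.example.com are assumptions.

```python
"""Sweep host and proxy telemetry for the indicators listed in this report
(file hashes, download hosts, contacted hosts and IPs).

Added example for this page; not Reason Core Security's tooling. The log
lines in SAMPLE_LOG are constructed for the example; the indicator values
are the ones the report lists.
"""
import hashlib
import re

# Indicators taken from the report. Hashes are kept lowercase; everything
# pulled from a log is lowercased before lookup, because Sysmon and many
# EDR agents emit hashes in upper case.
IOC = {
    "sha256": {"0c08d90b0ff11ed824907511a6e2ebb762f80f825c8c4d5caf549d5de8d0ea8e"},
    "sha1": {"eb3814b97df4cc5c08e0a50c374dbb5d6df5b156"},
    "md5": {"b659e91c08aaccb7d235ab6993a84acb"},
    "host": {"www.mydownloadhome.com", "network.adsmarket.com",
             "www.softologic.com", "www.ibbalance.com"},
    "ip": {"174.37.181.31", "173.192.190.227"},
}

# One extractor per indicator type. Word boundaries keep a 32-hex MD5 from
# matching inside a 40- or 64-hex digest, and vice versa.
EXTRACTORS = {
    "sha256": re.compile(r"\b[0-9a-f]{64}\b", re.I),
    "sha1": re.compile(r"\b[0-9a-f]{40}\b", re.I),
    "md5": re.compile(r"\b[0-9a-f]{32}\b", re.I),
    "host": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}


def scan_log(lines):
    """Return (line_no, indicator_type, value) for every IOC found in the lines."""
    hits = []
    for n, line in enumerate(lines, start=1):
        for kind, rx in EXTRACTORS.items():
            for candidate in rx.findall(line):
                value = candidate.lower()
                if value in IOC[kind]:
                    hits.append((n, kind, value))
    return hits


def hashes_of(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of a file's bytes, in the lowercase form IOC uses."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_reported_sample(data: bytes) -> bool:
    """True if the bytes hash to any digest the report lists. SHA-256 is the
    one to trust; MD5 and SHA-1 are kept only to match older telemetry."""
    digests = hashes_of(data)
    return any(digests[k] in IOC[k] for k in ("sha256", "sha1", "md5"))


# Constructed telemetry: a proxy GET from the download host, a Sysmon-style
# process-creation record for the downloaded file, the outbound TLS
# connection the report observed, and an unrelated line that must not match.
SAMPLE_LOG = [
    "2024-04-26T11:10:02Z proxy src=10.0.0.5 method=GET host=www.mydownloadhome.com path=/dl/2?pub_id=88 status=200",
    "2024-04-26T11:12:40Z sysmon EventID=1 Image=C:\\Users\\alice\\Downloads\\setup.exe "
    "Hashes=MD5=B659E91C08AACCB7D235AB6993A84ACB,SHA256=0C08D90B0FF11ED824907511A6E2EBB762F80F825C8C4D5CAF549D5DE8D0EA8E",
    "2024-04-26T11:12:41Z proxy src=10.0.0.5 method=CONNECT host=www.ibbalance.com:443 dst=173.192.190.227",
    "2024-04-26T11:13:00Z proxy src=10.0.0.7 method=GET host=www.example.com path=/ status=200",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("line %d: %s %s" % hit)
```

The hostnames are the durable part of this indicator set: the download URLs change with every affiliate campaign while the hosts stay put, and the two IPs sit in shared hosting space whose tenants change, so they should be aged out sooner than the domains. A hash match on a Sysmon process-creation event is the strongest signal of the three, since it ties the exact file on this page to a specific host and user.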
Remove setup.exe - Powered by Reason Core Security