setup.exe

Paycom Media, S.L.

The application setup.exe by Paycom Media, S.L. has been detected as a potentially unwanted program by 3 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. The setup program uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions.
Publisher:
Paycom Media, S.L.  (signed and verified)

MD5:
49490b92dc079d3ac9871d808578255c

SHA-1:
f09b94bb1b1c1e29abf96e9d07f22ff1b8491e69

SHA-256:
cb0c37ceab6afefb658059ad81b3e883395d2d63a115a72090cb61eef975fc69

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/24/2024 11:17:12 AM UTC

Scan engine | Detection | Engine version
Dr.Web | Adware.InstallCore.55 | 9.0.1.05190
ESET NOD32 | Win32/InstallCore.AH potentially unwanted application | 8.0.319.0
Reason Heuristics | PUP.PaycomMe.Installer (M) | 16.5.30.13

File size:
1016.9 KB (1,041,272 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/19/2012 12:00:00 AM

Valid to:
3/19/2013 11:59:59 PM

Subject:
CN="Paycom Media, S.L.", OU=IT, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Paycom Media, S.L.", L=Madrid, S=Madrid, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2FADC58FEA37F310A0F6E40CECBD0B6A

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:3i84nFRtjHlaa8RYPg69Nr8H/apQqtRy:3SnFRNFYaNr

Entry address:
0xC96E0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 94, 35, 41, 00, E8, 96, DE, FF, FF, 0C, 24, 8B, D7, 8B, C5, E8, 71, FD, FF, FF, 8B, 04, 24, 83, 38, 00, 74, 28, 8B, 04, 24, 8B, 40, 04, 01, 43, 08, 8B, 04, 24, 8B, 40, 04, 29, 43, 0C, 83, 7B, 0C, 00, 75, 10, 8B, C3, E8, 9A, FA, FF, FF, EB, 07, 8B, 04, 24, 33, D2, 89, 10, 83, C4, 14, 5D, 5F, 5E, 5B, C3, 90, 53, 56, 57, 83, C4, EC, 8B, F9, 89, 14, 24, 8D, 98, FF, 3F, 00, 00, 81, E3, 00, C0, FF, FF, 8B, 34, 24, 03, F0, 81, E6, 00, C0, FF, FF, 3B, DE, 73, 5B, 8B, CF, 8B, D6, 2B, D3...
Developed / compiled with:
Microsoft Visual C++

Code size:
817.5 KB (837,120 bytes)
