Setup.exe

TOV KOMSERV UKRAYINA

The file Setup.exe by TOV KOMSERV UKRAYINA has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser.
Publisher:
TOV KOMSERV UKRAYINA  (signed and verified)

MD5:
1d5138aa340211553b320b165e7c1c2f

SHA-1:
f25bdae2260a16ee997236cac6a8495a8ef2d427

SHA-256:
4c932522507b6003b96eeca32e5e164bfd9d1368a7951a34d8fff4cade25bbae

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/19/2024 10:45:43 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.Downloader | 7.1.1 |
| Avira AntiVirus | PUA/Outbrowse.Gen | 7.11.212.228 |
| avast! | OutBrowse-DE [PUP] | 150101-1 |
| AVG | Downloader | 2016.0.3185 |
| Dr.Web | Trojan.OutBrowse.58 | 9.0.1.05190 |
| ESET NOD32 | Win32/OutBrowse.BU potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/OutBrowse | 2/27/2015 |
| K7 AntiVirus | Trojan | 13.1915113 |
| Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 15.0.0.543 |
| McAfee | Program.Adware-OutBrowse.e | 16.8.708.2 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.dojhzi | 0.30.0.296 |
| Sophos | Generic PUA AE | 4.98 |
| Trend Micro House Call | Suspici.6F840C07 | 7.2.58 |
| Vba32 AntiVirus | AdWare.OutBrowse | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 37588 |

File size:
600.5 KB (614,928 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
12/22/2014 4:00:00 PM

Valid to:
12/23/2015 3:59:59 PM

Subject:
CN=TOV KOMSERV UKRAYINA, O=TOV KOMSERV UKRAYINA, L=Kharkiv, S=Kharkiv, C=UA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
293DA2C0D82B35ED08F0011D51ECDA8C

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:+ZUuihjaB44ZoATF87V4swu1JLb+MI7gKAYGyaM9aAV:+ZLhu4/F8BTwu1JLbFTKNla6

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
Entropy:
7.9450

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)