Setup.exe

LTD SEVEN TRANS GROUP

This is the Bundlore download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The file Setup.exe by LTD SEVEN TRANS GROUP has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the Bundlore Downloader installer. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser.
Publisher:
LTD SEVEN TRANS GROUP  (signed and verified)

MD5:
d1696f51ed1f815e109ee0d62d26d476

SHA-1:
f3342ef1166acb4fc906d55b9d0fc7b6311ecb2d

SHA-256:
fda0403d62ff900712888f3dcf2f420230b5f1ecaf93d9a09be4fbd180a11af3

Scanner detections:
9 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/29/2024 4:04:53 PM UTC

Scan engine         Detection                                        Engine version
Avira AntiVirus     PUA/Bundlore.Gen                                 7.11.212.102
avast!              Win32:Malware-gen                                150203-1
AVG                 Generic                                          2016.0.3184
ESET NOD32          Win32/Bundlore.S potentially unwanted (variant)  9.11228
K7 AntiVirus        Unwanted-Program                                 13.1915118
Norman              InstallMonstr.CERT                               11.20150224
Reason Heuristics   PUP.Bundlore                                     15.3.1.12
Sophos              PUA 'Bundlore'                                   5.11
VIPRE Antivirus     Threat.4150696                                   37588

File size:
284.5 KB (291,376 bytes)

Bundler/Installer:
Bundlore Downloader

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/22/2015 4:00:00 PM

Valid to:
2/23/2016 3:59:59 PM

Subject:
CN=LTD SEVEN TRANS GROUP, O=LTD SEVEN TRANS GROUP, STREET="VIDRADNYJ avenue, 95С, office 310", L=Kyiv, S=Kyivskaya, PostalCode=03061, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
68DF49B9481F1982C30D5C91387AA7AF

File PE Metadata
Compilation timestamp:
2/23/2015 7:40:17 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3072:k3uUvmeuOfq7I8ihT2pqQ4AY786/3AwJ2gdeJxJxtYd6F62/GN6Sok21JQIIBKSB:Au+u2QN4AY7V3Qqc609STJ3BK5reb

Entry address:
0x2FCA

Entry point:
E8, 0D, 48, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 28, AD, 41, 00, E8, 70, 2D, 00, 00, E8, DE, 49, 00, 00, 0F, B7, F0, 6A, 02, E8, A0, 47, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 5F, 3F, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
7.0041

Code size:
77 KB (78,848 bytes)
