setup.exe

Fileprotected

This adware bundler is distributed through Adknowledge's advertising-supported software managers. The application setup.exe, “Swift Installer” by Fileprotected, has been detected as adware by 30 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. It installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from secure.pn-installer9.com.
Publisher:
Swift Installer   (signed by Fileprotected)

Product:
Swift Installer

Description:
Swift Installer

Version:
2.4.8.1

MD5:
dc2b1c1ccaf3ed98447496fb4d88f993

SHA-1:
f365d8e8ba7331b98f1a3f6b438fccd63fc27641

SHA-256:
f1a2f9a4ae1a2eddc24cc869e34178ec54c5cdbbca09394486a7c25c97fc7116

Scanner detections:
30 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/19/2024 7:43:00 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.35 | 373
AhnLab V3 Security | | 2014.12.25
Avira AntiVirus | Adware/iBryte.bxpg | 7.11.189.158
avast! | Win32:Rootkit-gen [Rtk] | 2014.9-160128
AVG | Adware AdPlugin | 2017.0.2851
Bitdefender | Gen:Variant.Adware.Graftor.165252 | 1.0.20.140
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Trojan.Agent-763594 | 0.98/20218
Comodo Security | Application.Win32.Ibryte.NW | 20469
Dr.Web | Trojan.iBryte.445 | 9.0.1.028
Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.35 | 8.16.01.28.04
ESET NOD32 | NSIS/TrojanDownloader.Adload.AG trojan | 10.7.0.302.0
Fortinet FortiGate | W32/Adload.AG!tr.dldr | 1/28/2016
F-Prot | W32/A-a1a6e5b1 | v6.4.7.1.166
F-Secure | Riskware.Gen:Variant.Application.Bundler | 11.2016-28-01_5
G Data | Gen:Variant.Adware.Graftor.165252 | 16.1.24
IKARUS anti.virus | Trojan.Win32.Badur | t3scan.1.8.5.0
K7 AntiVirus | Unwanted-Program | 13.202.15338
Kaspersky | not-a-virus:AdWare.Win32.iBryte | 14.0.0.749
Malwarebytes | PUP.Optional.iBryte | v2016.01.28.04
McAfee | Program.IBryte-FSO | 5600.6507
MicroWorld eScan | Gen:Variant.Adware.Graftor.165252 | 17.0.0.84
NANO AntiVirus | Trojan.Win32.IBryte.djoxrs | 0.30.0.64448
Norman | Gen:Variant.Zusy.117133 | 11.20160128
nProtect | Trojan-Clicker/W32.iBryte.328568 | 15.01.02.01
Panda Antivirus | Trj/Genetic.gen | 16.01.28.04
Reason Heuristics | PUP.Adknowledge.Fileprotected.Bundler (M) | 16.1.28.4
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3
VIPRE Antivirus | Threat.4798837 | 35224
Zillya! Antivirus | Adware.iBryte.Win32.3859 | 2.0.0.2015

File size:
114.8 KB (117,584 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) 2014 Swift Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion (using Nullsoft Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/13/2014 6:00:00 PM

Valid to:
7/14/2015 5:59:59 PM

Subject:
CN=Fileprotected, O=Fileprotected, STREET=4600 Madison Ave FL 10, L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EFEBA775B69C3717980399C96E5323EC

File PE Metadata
Compilation timestamp:
5/11/2014 2:04:44 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:f0YBsBE3ain2Q5xq10DZYzI2L7L5Mkqq/uzEfk8l/:cnBTi2CRDZYzI2L7+j2k0

Entry address:
0x322E

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 14, C7, 44, 24, 10, D8, A2, 40, 00, 89, 6C, 24, 1C, FF, 15, 34, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 81, 40, 00, 55, FF, 15, AC, 82, 40, 00, 6A, 08, A3, 58, AF, 47, 00, E8, 9F, 2E, 00, 00, A3, A4, AE, 47, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, B8, 01, 44, 00, FF, 15, 7C, 81, 40, 00, 68, C0, A2, 40, 00, 68, A0, 2E, 47, 00, E8, 0A, 2B, 00, 00, FF, 15, 38, 81, 40, 00, BB, 00, B0, 4C, 00, 50, 53, E8, F8, 2A, 00, 00...
Entropy:
5.1038

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file setup.exe has been seen being distributed by the following URL.