setup.exe

Games Bot

MADFLY FILMS LTD

This is the installer for an Adpeak program that shows ads in the browser without providing information about the ad's origin. Ads are injected as banners or text links in random web pages. The application setup.exe, “Setup Application” by MADFLY FILMS, has been detected as adware by 25 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
MADFLY FILMS LTD  (signed and verified)

Product:
Games Bot

Description:
Setup Application

Version:
155.0.0.1703

MD5:
7e99cc6a5fae586f075d80b9d592da93

SHA-1:
f7775136653f883862b636c1ede63713cca0c233

SHA-256:
c2530714cda9125ead96ff5ed7c3d604199c9c0ef3dac88b1ae9e649393f4ca1

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Injects advertisements in the web browser in the form of banner ads and popups.

Analysis date:
4/24/2024 8:15:34 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Agent.PMW
5690745

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
ADWARE/GigaClicks.78912
3.6.1.96

avast!
Malware-gen
2014.9-150425

Bitdefender
Adware.Agent.PMW
1.0.20.575

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.Amonetize-511
0.98/20376

Dr.Web
Trojan.Click3.10013
9.0.1.0115

Emsisoft Anti-Malware
Adware.Agent.PMW
9.0.0.4799

ESET NOD32
Win32/GigaClicks.AK potentially unwanted application
9.7.0.302.0

Fortinet FortiGate
Riskware/GigaClicks
4/25/2015

F-Secure
Gen:Variant.Adware.MPLug
11.2015-25-04_7

G Data
Adware.Agent.PMW
15.4.25

K7 AntiVirus
Adware
13.202.15614

Malwarebytes
PUP.Optional.GamesBot.A
v2015.04.25.02

McAfee
Program.Artemis!F652EA124A75
5600.6785

MicroWorld eScan
Adware.Agent.PMW
16.0.0.345

nProtect
Adware.Agent.PMW
15.04.17.01

Panda Antivirus
Trj/Genetic.gen
15.04.25.02

Reason Heuristics
Threat.Adpeak.Installer
15.4.24.22

Sophos
Generic PUA NN
4.98

Trend Micro House Call
Suspici.4749E76F
7.2.115

Trend Micro
TROJ_GE.1599109A
10.465.25

VIPRE Antivirus
Threat.4150696
39354

Zillya! Antivirus
Trojan.TDSS.Win32.43706
2.0.0.2144

File size:
2.6 MB (2,740,472 bytes)

Product version:
2.0.1.0

Copyright:
© MADFLY FILMS LTD

Trademarks:
Games Bot is a trademark of MADFLY FILMS LTD

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\ProgramData\application data\qnh\72356a1886a54daabbe06c0a97b024a1\setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/23/2014 8:00:00 PM

Valid to:
10/24/2015 7:59:59 PM

Subject:
CN=MADFLY FILMS LTD, O=MADFLY FILMS LTD, STREET=14 COURSE ROAD, L=ASCOT, S=BERKSHIRE, PostalCode=SL5 7HL, C=GB

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0E2E88502B3FC00E3791B6C2773993A8

File PE Metadata
Compilation timestamp:
10/7/2014 12:40:26 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:K8MMKHBQlZE7MArHoyDRkQb8CuMeSGO7xLLNPpJ6Qmub1F1ZblhwLRA+asFO6asZ:K8MMKHBQFQHph4CutpOlLhBcQDbNZblo

Entry address:
0x322E

Entry point:
81, EC, D8, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 81, 40, 00, 55, FF, 15, AC, 82, 40, 00, 6A, 09, A3, 78, 4F, 43, 00, E8, FD, 2E, 00, 00, A3, C4, 4E, 43, 00, 55, 8D, 44, 24, 38, 68, B4, 02, 00, 00, 50, 55, 68, D8, B1, 42, 00, FF, 15, 7C, 81, 40, 00, 68, C0, A2, 40, 00, 68, C0, 3E, 43, 00, E8, 68, 2B, 00, 00, FF, 15, 38, 81, 40, 00, BB, 00, F0, 43, 00, 50, 53, E8, 56, 2B, 00, 00...
 

Entropy:
7.9889

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)
