home

setup.exe

Conversionads

The application setup.exe by Conversionads has been detected as adware by 25 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from moozymp3.com and multiple other hosts.
Publisher:
Conversionads  (signed and verified)

MD5:
5398f1d816b55b25a938b15cf0edcff3

SHA-1:
f9d717c2ad8987b81fd4264a6710ddbdd8d0d5bc

SHA-256:
7b0e33c1e9f53ed703a81fe4430baac0a87217e82b78e7435ed666dda26eece6

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/26/2024 6:34:21 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Generic.350440
1078

AhnLab V3 Security
PUP/Win32.InstallCore
2013.12.30

Avira AntiVirus
ADWARE/InstallCore.Gen
7.11.122.174

AVG
Agent.F
2015.0.3556

Bitdefender
Adware.Generic.350440
1.0.20.265

Bkav FE
W32.Clod966.Trojan
1.3.0.4613

Comodo Security
UnclassifiedMalware
17518

Dr.Web
Adware.InstallCore.80
9.0.1.053

Emsisoft Anti-Malware
Adware.Generic.350440
8.14.02.22.08

ESET NOD32
Win32/InstallCore.AZ (variant)
8.9190

Fortinet FortiGate
W32/InstallCore.A
2/22/2014

F-Prot
W32/InstallCore.W.gen
v6.4.7.1.166

F-Secure
Adware.Generic.350440
11.2014-22-02_7

G Data
Adware.Generic.350440
14.2.22

K7 AntiVirus
Trojan
13.174.10656

Malwarebytes
PUP.Optional.InstallCore.A
v2014.02.22.08

McAfee
Artemis!5398F1D816B5
5600.7212

MicroWorld eScan
Adware.Generic.350440
15.0.0.159

NANO AntiVirus
Trojan.Win32..cpmbsw
0.28.0.57029

Reason Heuristics
PUP.Installer.Conversionads.F
14.8.7.23

Rising Antivirus
PE:Trojan.Win32.Generic.13E30073!333643891
23.00.65.14220

Sophos
Conversion Ads
4.96

Trend Micro House Call
TROJ_GEN.R0CBB01II13
7.2.53

VIPRE Antivirus
Trojan.Win32.Generic
24876

ViRobot
Trojan.Win32.A.InstallCore.1235104
2011.4.7.4223

File size:
1.2 MB (1,235,104 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
Conversionads

Authority:
COMODO CA Limited

Valid from:
5/30/2012 9:00:00 AM

Valid to:
5/31/2013 8:59:59 AM

Subject:
CN=Conversionads, O=Conversionads, STREET=Am Weinberg 5, L=Neubeuern, S=Neubeuern, PostalCode=83115, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F87F8F45F7BF3EBF80C41AFC59A6916A

File PE Metadata
Compilation timestamp:
6/20/1992 7:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:I4IFLhZ34bUWVmUsCFE6I+mXexvqr1ygqWccxWt0zf+DO:I4IFLhZwNVmUsC26I+mOxvqr18SxWt0n

Entry address:
0xD5540

Entry point:
55, 8B, EC, 83, C4, F0, B8, 0C, D4, 40, 00, E8, 93, F5, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.7699

Code size:
866 KB (886,784 bytes)

The file setup.exe has been seen being distributed by the following 2 URLs.

http://moozymp3.com/.../download.php?tid=211

http://www.download-online-videos.com/geo/gd/downloads/vGrabber/.../setup.exe

Remove setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.