setup.exe

OOO

The application setup.exe by OOO has been detected as adware by 14 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. During installation, it bundles potentially unwanted software onto the user's computer without adequate consent. The file has been seen being downloaded from downlite.net and multiple other hosts.
Publisher:
OOO (signed and verified)

MD5:
5ace242bce28c976fc56a73fe4445104

SHA-1:
fa7848b6c6191c31f1c445d4a01bfa6c07023e0b

SHA-256:
1b687916e5b1a00b6bc8360f631bc2d579794a644e40f858d3869e679c52fdbd

Scanner detections:
14 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Analysis date:
4/26/2024 4:15:54 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:PUP-gen [PUP] | 2014.9-131211 |
| Bkav FE | W32.Clod46b.Trojan | 1.3.0.4613 |
| Comodo Security | Heur.Suspicious | 17411 |
| Dr.Web | Adware.Downware.1329 | 9.0.1.0345 |
| ESET NOD32 | | 7.9150 |
| F-Prot | W32/OpenCandy.A | v6.4.7.1.166 |
| K7 AntiVirus | Unwanted-Program | 13.174.10446 |
| Malwarebytes | PUP.Optional.BundleInstaller | v2013.12.11.10 |
| McAfee | Artemis!5ACE242BCE28 | 5600.7285 |
| Reason Heuristics | PUP.Installer.OOO.F | 14.3.1.4 |
| Rising Antivirus | PE:PUF.OpenCandy!1.9DE5 | 23.00.65.131209 |
| Sophos | OpenCandy | 4.95 |
| Trend Micro House Call | TROJ_GEN.R0CBH0AI113 | 7.2.345 |
| VIPRE Antivirus | Adware.Privitize | 24170 |
File size:
4.2 MB (4,358,400 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/1/2012 8:00:00 PM

Valid to:
8/2/2015 7:59:59 PM

Subject:
CN="OOO ""Industry""", O="OOO ""Industry""", STREET="Vsevolzhsky 2, bld. 2", L=Moscow, S=Moscow, PostalCode=119034, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D139BDA20096871840DCE08E6A80B6F0

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:bu9E0w+YX+ArDaRNASCi/MYMqjO97vbNnLltB4:qHw+YXn7SRUYMSCvbNhg

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9982

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file setup.exe has been seen being distributed by the following 42 URLs.
