» setup.exe
Overview
Analysis
File Details
Downloads (14)

setup.exe

SmartPCFixer

LionSea Software co., ltd

The application setup.exe, “SmartPCFixer Setup ” by LionSea Software co., ltd has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.bitsfarmclean.com and multiple other hosts.

File name:

setup.exe

Publisher:

LionSea Software co., ltd (signed by LionSea Software co., ltd)

Product:

SmartPCFixer

Description:

SmartPCFixer Setup

MD5:

b8913f1d6cf2b9a7a83d4d047c792a03

SHA-1:

fe8c83e2a186852136b8f3a72958cbb08b2f1d73

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/25/2024 7:53:49 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Optional.Installer.F

14.6.7.6

File size:

4.5 MB (4,668,744 bytes)

Product version:

5.2

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\Documents and Settings\{user}\Local settings\temporary internet files\content.ie5\{random}\setup.exe

Digital Signature

Signed by:

LionSea Software co., ltd

Authority:

VeriSign, Inc.

Valid from:

2/21/2013 6:00:00 PM

Valid to:

3/23/2016 6:59:59 PM

Subject:

CN="LionSea Software co., ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="LionSea Software co., ltd", L=beijing, S=beijing, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

288A6842C331C5443D747BDABF31E2A3

File PE Metadata

Compilation timestamp:

12/20/2011 8:16:50 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:vJFiD0aMnMkGn2sarnt8YhHghYY1roonqCSivutv/57M/AY7SPzgkHUrRqW:xFWdAsarneKghwonY5S/AYu8p9qW

Entry address:

0x16478

Entry point:

55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B0, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 4E, EC, FF, FF, E8, F5, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, AC, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, AC, D6, 41, 00, B2, 01... 
[+]

Entropy:

7.9918

Developed / compiled with:

Microsoft Visual C++

Code size:

84 KB (86,016 bytes)

The file setup.exe has been seen being distributed by the following 14 URLs.

http://www.bitsfarmclean.com/31p1BRMeS UYofAMDFadx 1DzsJbS7oM2bo0JiHeYk6RN4JKRqJx5dxZn0eMhiySQC9fWTpxcptg31km0gbfM7bdbibD8FzzHpcvG7VG56K OgEjJpE qOk2caWiltrsr8l2uRhZ5QOubUmyKd0lKJie4avqAH4VCY3qgjSkWNI6_O08_PxgGeMKEo0ldk0PXyqN92qg2VAiLBuPDZsGGuezSFcSUg==-G1UAAGRgnq2tAUxysw_YgAOXxLIHHNCGjbGzRaFZxvc9JwF oWnfj3Y1MongqgXPBnwjXG o 3fy84pVbhnTQJooja7JdPw9Ay cAehElGAoAsVplgA=

http://gsf-cf.softonic.com/fe8/c83/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69685162&instance=softonic_en&type=PROGRAM&Expires=1477387562&Signature=ZLD-LdHWzLulQb3hZzUiOS-1xoXBUW5gnrUHaLFetsxlef7~ZUAfdcorz6za3AoluiB0aGSiQpp9Qe9j7uvWIJQF-eWeJFHTVsQ5~99tNZO5xzXYHY3vc1r22Bgk23NOtFnQ3fVSD7OYqI4NKarZ0nL7bxh4UA0da0ChFLKhfds_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=setup.exe

http://gsf-cf.softonic.com/fe8/c83/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69685162&instance=softonic_en&type=PROGRAM&Expires=1470440062&Signature=fHixQJmx6e0Dna8UX2eka6DB~t~JzuRWZXUuoKicD0oO-uky40lNjGv2NfWXHkkmOw3yaVJDy2GA0bn4JTgrV3MnVHiYLrqnsqSRtPVLsNvS7yXrSom1FbJ9c6pelqkZqqoDAtnAzdkK71TjzI5QLxvr3uPeTkF3cJT4Fc42MZA_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=setup.exe

http://gsf-cf.softonic.com/fe8/c83/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69685162&instance=softonic_en&type=PROGRAM&Expires=1463077271&Signature=eFUqUQdEZ5yxmT~kt4iXPOEOULwWklv3K7lCMd5dezWVrxur9Y~kqFQdiAYV7zJArR9WQlDJ7JW6~gVVg9TAx62yiGTqWsHBllB7pBjla9ZmbUVDw~IX4DzIGSIx6sH2n8I4Epjj2~~Ujq1CigW6pz9dSGZblxKIxIfObO9Z4hM_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=setup.exe

http://gsf-cf.softonic.com/fe8/c83/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69685162&instance=softonic_en&type=PROGRAM&Expires=1461921871&Signature=ZdoKF2iOUnRxtspnuCjo2itecmGHquW27fMiSuZZrEmao4OV~DOqmtUQQBkvjfGqiue6VvKewkdFpHCVRZn0gZoQyLfJND6gf5-MwLR2MwuPtJHpihZkqawgxLQW~rMpdwdXnMS0oeGpcD8pDrOpBpOVPXSJF~3qNy3oQEvMaT4_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=setup.exe

http://gsf-cf.softonic.com/fe8/c83/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69685162&instance=softonic_en&type=PROGRAM&Expires=1435674074&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=DGpwssbi8bykKZ9lgKnJpyrywvbqmFSekUs7qdRGdVWHQvrvpsQYAvzaLlHVESpo8InaiQw~7axxiHq-6-5s0XJaIAl1sbWN6ddS2iyrQe0OAwLZz7ud4sAbcOu0lNnSBDTB91JPLreeOREUk6AsTZLT4GUg-8zo05FzhiySqVU_&filename=setup.exe

http://fastdownloaders.com/lps/.../download.php?uid=1b419ee5cfc84bff975bd98719382623

http://gsf-cf.softonic.com/fe8/c83/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69685162&instance=softonic_en&type=PROGRAM&Expires=1423372109&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=ecljnDemiQIybKavBwjORROxFnI0-i~bPqumwdmyYGunDcKbOA5ziOEQfab~dsgxIbjAt~n3~4qSozkbfxzI4rJPp0kBqLFhW5A13KQf0EfcAayqKJTdk-qAXz1KoaZqym-TgiU3dymd32aF4kI0JD1ocNlw7Y9Gvl0BLPzyeRA_&filename=setup.exe

http://www.smartpcfixer.com/hop.php?hop=lionsea&tu=download

http://c9426epi1gr12uaqy0sh47t61z.hop.clickbank.net/hop/?CBRehoppp2=http://.../hop.php?hop=lionsea&hstr=1401993509679|lionsea.zhou||7znlekgcz2|smartpcfix&code={}&key=B188FD8E&parms=tu=download&s=default&ds=0

http://c9426epi1gr12uaqy0sh47t61z.hop.clickbank.net/?tu=download&tid=zhou

http://download.smartpcfixer.com/.../setup.exe

q=http://c9426epi1gr12uaqy0sh47t61z.hop.clickbank.net/?tu=download&tid=zhou&redir_token=7zGrvs47gz7f68YYTE5AlkRta-18MTQwMjA3OTg5NEAxNDAxOTkzNDk0

http://www.smartpcfixer.com/.../setup.exe

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.