setupbc.exe

channel modern or and

Andrey Globin

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application setupbc.exe by Andrey Globin has been detected as adware by 34 anti-malware scanners. The program is a setup application that uses the WebPick InstalleRex installer. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
is of (signed by Andrey Globin)

Product:
channel modern or and

Version:
0.2.0.0

MD5:
622a915ffeb07afd0825fd3e80989287

SHA-1:
65425ecbe5e89877d361133abeebdbe89a098127

SHA-256:
c48b4541923f74beea7377db8f9b5e3dba50eeb80fe906539df7588f7815ae3a

Scanner detections:
34 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Description:
This is also known as bundleware or downloadware: a downloader designed to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/19/2024 3:49:31 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Dropper.103 | 356
Agnitum Outpost | PUA.MultiPlug | 7.1.1
AhnLab V3 Security | PUP/Win32.Adware | 2015.06.12
Avira AntiVirus | TR/Graftor.141601.A | 8.3.1.6
avast! | Win32:MultiPlug-AZ [PUP] | 2014.9-160213
AVG | Adware Generic_r | 2017.0.2834
Bitdefender | Gen:Variant.Adware.Dropper.103 | 1.0.20.220
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Adware.Agent-6737 | 0.98/20563
Comodo Security | Application.Win32.Multiplug.GETF | 22418
Dr.Web | Trojan.Crossrider.17103 | 9.0.1.044
Emsisoft Anti-Malware | Gen:Variant.Adware.Dropper.103 | 8.16.02.13.04
ESET NOD32 | Win32/AdWare.MultiPlug.R application | 10.7.0.302.0
Fortinet FortiGate | W32/Generic.AC.1814531 | 2/13/2016
F-Prot | W32/S-55467851 | v6.4.7.1.166
F-Secure | Gen:Variant.Adware.Dropper | 11.2016-13-02_7
G Data | Gen:Variant.Adware.Dropper.103 | 16.2.25
IKARUS anti.virus | Trojan.Graftor | t3scan.1.9.5.0
K7 AntiVirus | Adware | 13.205.16218
Kaspersky | not-a-virus:HEUR:AdWare.Win32.Agent | 14.0.0.667
Malwarebytes | PUP.Optional.MultiPlug | v2016.02.13.04
McAfee | Program.PUP-FIC | 5600.6490
MicroWorld eScan | Gen:Variant.Adware.Dropper.103 | 17.0.0.132
NANO AntiVirus | Riskware.Win32.Agent.cxvuow | 0.30.24.2086
Norman | Gen:Variant.Adware.Dropper.103 | 11.20160213
Panda Antivirus | Trj/Genetic.gen | 16.02.13.04
Qihoo 360 Security | Malware.QVM10.Gen | 1.0.0.1015
Quick Heal | JS.MalScr.A | 2.16.14.00
Reason Heuristics | PUP.WebPick.AndreyGlobin.Bundler (M) | 16.2.13.16
Rising Antivirus | PE:Malware.MultiPlug!6.13CF | 23.00.65.16211
Sophos | PUA 'MultiPlug' (of type Adware) | 5.15
Vba32 AntiVirus | AdWare.MultiPlug | 3.12.26.0
VIPRE Antivirus | Threat.4150696 | 40828
Zillya! Antivirus | Backdoor.PePatch.Win32.38083 | 2.0.0.2219

File size:
875.4 KB (896,376 bytes)

Product version:
0.2.0.0

Copyright:
Copyright (c) 2014

Original file name:
if reports databases

File type:
Executable application (Win32 EXE)

Bundler/Installer:
WebPick InstalleRex

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\addons\setupbc.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/18/2013 3:00:00 AM

Valid to:
9/19/2014 2:59:59 AM

Subject:
CN=Andrey Globin, O=Andrey Globin, STREET=Gagarina 4, L=Kiev, S=Kiev, PostalCode=02094, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6534084D6A4B724011508EF1B5AD13D6

File PE Metadata
Compilation timestamp:
5/12/2014 10:12:34 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:DcHPsp5CwZSF+ijPxr9uN90KN8+rWBa0RF3scfGPSlvyTneoNzZi5hNXBTwC5/:DSErZSvr9u91Nr43szukNzZiBRw0

Entry address:
0x108BB

Entry point:
E8, CE, 49, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 30, 21, 42, 00, E8, AF, 20, 00, 00, E8, E0, 07, 00, 00, 0F, B7, F0, 6A, 02, E8, 61, 49, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 20, 37, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Code size:
103 KB (105,472 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to r1.stylezip.info (54.186.255.26:80)

TCP (HTTP):
Connects to c1.stylezip.info (54.186.255.26:80)

http://c1.stylezip.info/?step_id=1&installer_id=67920820&publisher_id=792&source_id=0&page_id=0&country_code=US&locale=US&browser_id=4&download_id=203762460&external_id=0&session_id=407524920&hardware_id=475445740&installer_file_name=setupbc

Remove setupbc.exe - Powered by Reason Core Security