setupf.exe

BR SOFTWARE LLC

The application setupf.exe, “Acelerador de Downloads Setup” by BR SOFTWARE, has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. It is also typically executed from the user's temporary directory.
Publisher:
Acelerador de Downloads   (signed by BR SOFTWARE LLC)

Product:
Acelerador de Downloads

Description:
Acelerador de Downloads Setup

MD5:
b241ead6055b03290e4ec96919e1f499

SHA-1:
a8c0542f6c976e2a74852a2e7030e000018f16c2

SHA-256:
669745e265da636c0456cd36b01e681faa179d70420ce62bf7308f92a5e1ca01

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/25/2024 6:44:58 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | Adware/PcMega.E.2 | 7.11.49.64 |
| avast! | Win32:Downloader-RDO [Adw] | 2014.9-150915 |
| AVG | Suspicion: unknown virus | 2016.0.2985 |
| ESET NOD32 | Win32/Toolbar.Funmoods (variant) | 9.7666 |
| G Data | Win32:Downloader-RDO | 15.9.22 |
| Reason Heuristics | PUP.BR Software.BRSOFTWARE.Installer (M) | 15.9.15.15 |
| Trend Micro House Call | TROJ_GEN.F47V1011 | 7.2.258 |
| Vba32 AntiVirus | Signed-Adware.InstallCore | 3.12.18.3 |

File size:
2.6 MB (2,748,696 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\setupf.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/7/2012 12:09:51 PM

Valid to:
6/9/2015 3:58:43 PM

Subject:
CN=BR SOFTWARE LLC, O=BR SOFTWARE LLC, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112102230C0982E220E5F9C53BBC68858B38

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:TaD+06kK/0NCsZHQnRz+6Fp0/dsuxKQayj4pTDY7ZSe0Dwz1xU8s7:+aSZHQnRz+Ip0/JLayURMZ10DI1xUL7

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)
