windows7yapi76007601buwindowskopyasi0r.exe

Setup Factory Runtime

Dey yazilim ve internet hizmetleri san. tic. ltd. sti.

The application windows7yapi76007601buwindowskopyasi0r.exe, “Setup Application” by Dey yazilim ve internet hizmetleri san. tic. ltd. sti has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the Setup Factory installer.
Product:
Setup Factory Runtime

Description:
Setup Application

Version:
9.1.0.0

MD5:
5a7a54cdc99f4744d83cdf4608a8a666

SHA-1:
e414bd8fadea8b6b2dfe97599d4476f748ea09e7

SHA-256:
6740f0d0c39a1a6e0981708996857dda85d9932fe16174a9e0ab671affcb33b8

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
4/19/2024 12:03:10 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Generic | 2016.0.2950 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| ESET NOD32 | Win32/PopiTV.A potentially unwanted | 9.11391 |
| McAfee | Artemis!5A7A54CDC99F | 5600.6606 |
| Reason Heuristics | PUP.Amonitize.Deyyazilimveinternethizmetlerisanticsti.Installer (M) | 15.10.20.19 |
| Trend Micro House Call | Suspicious_GEN.F47V0219 | 7.2.293 |

File size:
2.9 MB (3,051,872 bytes)

Product version:
9.1.0.0

Copyright:
Setup Engine Copyright © 2004-2012 Indigo Rose Corporation

Trademarks:
Setup Factory is a trademark of Indigo Rose Corporation.

Original file name:
suf_launch.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\downloads\windows7yapi76007601buwindowskopyasi0r.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/12/2014 2:00:00 AM

Valid to:
3/13/2015 1:59:59 AM

Subject:
CN=Dey yazilim ve internet hizmetleri san. tic. ltd. sti., O=Dey yazilim ve internet hizmetleri san. tic. ltd. sti., STREET=kuloglu mah alyon gecidi sok, STREET=beyoglu, L=istanbul, S=istanbul, PostalCode=34433, C=TR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FD3AA42CD883A6D47CC56CDA9837EB85

File PE Metadata
Compilation timestamp:
6/14/2012 7:16:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:zShySkASzCNzcvi57bxUxw2d6uIcc3Iy2MmppRhPGaSsb3MtVKy2hv:mqBQzcahitd6uxcKjnzOaSsb8tVIhv

Entry address:
0x29E1

Entry point:
E8, A6, 1D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 56, 57, 33, F6, BF, C8, AB, 40, 00, 83, 3C, F5, 54, A0, 40, 00, 01, 75, 1D, 8D, 04, F5, 50, A0, 40, 00, 89, 38, 68, A0, 0F, 00, 00, FF, 30, 83, C7, 18, FF, 15, C0, 70, 40, 00, 85, C0, 74, 0C, 46, 83, FE, 24, 7C, D3, 33, C0, 40, 5F, 5E, C3, 83, 24, F5, 50, A0, 40, 00, 00, 33, C0, EB, F1, 8B, FF, 53, 8B, 1D, C4, 70, 40, 00, 56, BE, 50, A0, 40, 00, 57, 8B, 3E, 85, FF, 74, 13, 83, 7E, 04, 01, 74, 0D, 57, FF, D3, 57, E8, 18, FD, FF, FF, 83, 26, 00, 59, 83, C6, 08...
 

Code size:
22 KB (22,528 bytes)
