windows8_setup.exe

Windows 8 Installer

Downloadinfo

windows8_setup.exe ("Deploy Windows 8 along with various offers"), published by Downloadinfo, is a setup stub built with the Adlogica setup manager, a download-manager installer that wraps the application the user asked for with offers for additional third-party software, mostly unwanted adware, which can end up installed without meaningful consent. The file has been detected as adware by 6 of the 68 anti-malware scanners used here. This version of the installer bundles the Mindspark/MyWebSearch toolbar, a potentially unwanted browser extension. The name and description are a lure: at 1.2 MB and signed by Downloadinfo rather than Microsoft, this is not a Windows 8 setup program but a third-party downloader whose payloads arrive at run time.
Publisher:
Downloadinfo  (signed and verified)

Product:
Windows 8 Installer

Description:
Deploy Windows 8 along with various offers

Version:
Enterprise

MD5:
72aa07cb71ea4d454a9006cccbb920a2

SHA-1:
ca85fea59de69df60bf719d5147728188ba1085d

SHA-256:
65329897f31fd6d9f983e5f7eb8d81e9bdebdbf6d68401750d991ccc7c0e066e

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Bundles the Mindspark (MyWebSearch/Ask) toolbar, a web browser extension that will modify a user's search and home pages.

Description:
This 'download manager' is also classed as bundleware: a utility that downloads the software the user wanted (which may itself be legitimate or open source) and bundles it with a number of optional offers, including ad-supported utilities, toolbars, shopping-comparison tools and browser extensions. Two caveats for anyone triaging it: the hashes and detections listed here cover only this stub, not the components it fetches at install time; and the valid COMODO-issued code-signing certificate below attests to the publisher's identity, not to the behaviour of the installer or of what it downloads.

Analysis date:
4/26/2024 3:36:59 AM UTC

Scan engine         Detection                              Engine version
AVG                 Generic                                2016.0.3203
Dr.Web              Adware.Downware.2133                   9.0.1.040
ESET NOD32          Win32/Toolbar.MyWebSearch (variant)    9.10668
K7 AntiVirus        Unwanted-Program                       13.185.13888
Malwarebytes        PUP.Optional.Downloadster              v2015.02.09.07
Reason Heuristics   PUP.Installer.Adlogica                 15.2.9.19

Note that the engine versions listed date from 2015 and 2016, so the 6 / 68 detection count reflects signature sets of that era rather than the analysis date shown above.

File size:
1.2 MB (1,309,032 bytes)

Product version:
Enterprise

Copyright:
©DownloadInfo

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adlogica Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\windows8_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/13/2013 8:00:00 PM

Valid to:
8/14/2015 7:59:59 PM

Subject:
CN=Downloadinfo, O=Downloadinfo, STREET=96 Jessie st 4th floor, L=SAN FRANCISCO, S=CA, PostalCode=94105, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0086FD7D8A08F1EAEB6084518153EB026C

File PE Metadata
Compilation timestamp:
8/27/2013 4:27:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:BKJpO06eDK14C2SLtgW5QCwgIImrox3k1d+EbzcguMv2+Mmar9TDijY:BNtwgIImMMd+Wz20VVWTD3

Entry address:
0x1073F0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 80, 56, 50, 00, E8, E4, 01, F0, FF, 8B, 0D, 9C, 15, 51, 00, 8B, 09, B2, 01, A1, F4, 48, 4C, 00, E8, C8, 8E, F5, FF, 8B, 15, 90, 16, 51, 00, 89, 02, A1, 9C, 15, 51, 00, 8B, 00, E8, CC, 26, F6, FF, A1, 9C, 15, 51, 00, 8B, 00, B2, 01, E8, 66, 45, F6, FF, 8B, 0D, 80, 13, 51, 00, A1, 9C, 15, 51, 00, 8B, 00, 8B, 15, 60, 8E, 4F, 00, E8, BE, 26, F6, FF, A1, 9C, 15, 51, 00, 8B, 00, E8, EA, 27, F6, FF, E8, 39, DB, EF, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.6782

Developed / compiled with:
Microsoft Visual C++ (as reported; this attribution is doubtful, since a linker version of 2.25 together with the entry-point prologue above (push ebp; mov ebp,esp; add esp,-10h; mov eax,imm32; call ...) is characteristic of Borland/Delphi-linked executables, not of the Visual C++ linker)

Code size:
1 MB (1,074,176 bytes)
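The following Python is an added worked example, not code from this page or from Reason Core Security. It shows how the fields in the "File PE Metadata" block and the hashes and entropy above are derived from a Win32 executable: it parses the DOS, COFF and PE32 optional headers and the section table, maps the entry-point RVA to a file offset, reads the first bytes there, computes Shannon entropy and the MD5/SHA-1/SHA-256 digests, and compares the digests with the ones published on this page. Because the real sample is not included, the block builds a small constructed PE32 that mimics the page's values (linker 2.25, OS version 4.0, GUI subsystem, the page's first 16 entry-point bytes, and the compilation timestamp, which the page gives without a timezone and the example assumes is UTC). The Delphi-prologue check is a heuristic of my own, not something the page states.

```python
"""Offline PE triage: hashes, entropy, header fields and entry-point bytes.
Added example; the image built by build_sample_pe() is constructed for the
demo and is NOT windows8_setup.exe."""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Digests published on the page for windows8_setup.exe.
PAGE_HASHES = {
    "md5": "72aa07cb71ea4d454a9006cccbb920a2",
    "sha1": "ca85fea59de69df60bf719d5147728188ba1085d",
    "sha256": "65329897f31fd6d9f983e5f7eb8d81e9bdebdbf6d68401750d991ccc7c0e066e",
}

# push ebp / mov ebp,esp / add esp,-10h / mov eax,imm32: the standard
# Borland/Delphi program prologue (heuristic; the page's entry bytes start so).
DELPHI_PROLOGUE = bytes.fromhex("558bec83c4f0b8")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0; packed or encrypted payloads sit near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def rva_to_offset(rva: int, sections: list) -> int:
    """Map an RVA to a file offset through the section table."""
    for _, vaddr, vsize, rawptr, rawsize in sections:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rawptr + (rva - vaddr)
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def parse_pe(data: bytes) -> dict:
    """Extract the fields a scanner reports under 'File PE Metadata' (PE32 only)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsec):  # section headers follow the optional header, 40 bytes each
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize, rawptr, rawsize))
    ep_off = rva_to_offset(entry_rva, sections)
    entry_bytes = data[ep_off:ep_off + 16]
    return {
        "machine": machine,
        "compiled": datetime.fromtimestamp(timestamp, timezone.utc).isoformat(),
        "linker": f"{lnk_major}.{lnk_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": {2: "Windows GUI", 3: "Windows CUI"}.get(subsystem, str(subsystem)),
        "size_of_code": size_of_code,
        "entry_rva": entry_rva,
        "entry_bytes": entry_bytes,
        # Heuristic: Delphi prologue plus the Borland linker's 2.25 stamp.
        "delphi_like": entry_bytes.startswith(DELPHI_PROLOGUE) and (lnk_major, lnk_minor) == (2, 25),
        "entropy": round(shannon_entropy(data), 4),
        "hash_matches_page": [k for k, v in hashes(data).items() if v == PAGE_HASHES[k]],
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 that mirrors the page's header values (demo only)."""
    ts = int(datetime(2013, 8, 27, 16, 27, 9, tzinfo=timezone.utc).timestamp())  # UTC assumed
    text = (DELPHI_PROLOGUE + bytes.fromhex("80565000e8e401f0ff")).ljust(0x200, b"\0")
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                  # e_lfanew -> PE\0\0 at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x102)     # i386, one section, PE32 opt hdr
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIII", 0x10B, 2, 25, len(text), 0, 0, 0x1000, 0x1000, 0x2000,
                      0x400000, 0x1000, 0x200, 4, 0, 0, 0, 4, 0, 0, 0x2000, 0x200, 0)
    opt += struct.pack("<HHIIIIII", 2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * (16 * 8)                                            # 16 empty data directories
    section = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text), 0x200, 0, 0, 0, 0, 0x60000020)
    return (dos + b"PE\0\0" + coff + opt + section).ljust(0x200, b"\0") + text


if __name__ == "__main__":
    print(parse_pe(build_sample_pe()))
```

To run it against a real file, pass `open(path, "rb").read()` to `parse_pe`: `hash_matches_page` then lists which of the page's digests the file matches, and an entropy near 8 bits per byte would indicate packing that the page's 6.68 reading does not suggest for this stub.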

The file windows8_setup.exe has been observed being distributed from the following URL.

Remove windows8_setup.exe - Powered by Reason Core Security