Setup.exe

Application Software Program

OOO Digital Zone

The file Setup.exe, “Application Software Program Setup” by OOO Digital Zone, has been detected as adware by 6 anti-malware scanners. It is a setup application built on the installCore download manager, which may bundle additional offers for various ad-supported toolbars, browser extensions and utilities. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser.
Publisher:
Software Generic   (signed by OOO Digital Zone)

Product:
Application Software Program

Description:
Application Software Program Setup

MD5:
796f802b6937603ddf137bfd8ca27bc6

SHA-1:
51f16b0a2d68cd96e8de0acfb13ddee983efcee6

SHA-256:
001b82b5076397da84145a1f9451a7af42bf0a98fda69c884b30d7fea1147486

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
5/3/2024 1:22:25 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | W32/Sality.AT | 7.11.30.172 |
| avast! | Trojan-gen | 2014.9-150723 |
| ESET NOD32 | Win32/InstallCore.ZC potentially unwanted (variant) | 9.11540 |
| Reason Heuristics | PUP.installCore.Installer | 15.5.8.23 |
| VIPRE Antivirus | Threat.4150696 | 39486 |

File size:
807.4 KB (826,736 bytes)

Product version:
4.1.4

Copyright:
Internet

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/17/2015 7:00:00 PM

Valid to:
4/17/2016 6:59:59 PM

Subject:
CN=OOO Digital Zone, O=OOO Digital Zone, STREET="ul. Akademika Koroleva, d. 9 korp. 5", L=Moscow, S=Moscow, PostalCode=129515, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
274A3723FDA07FABD1ED5F4B3D782B77

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:HqS1JOHtq+VRNIrkTQttZ6mL6OLvxhwa92riT:H31sdbNg1PFhOriT

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.8199

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)
