» Setup.exe
Overview
Analysis
File Details

Setup.exe

Application

OOO Next Point

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The file Setup.exe, “Application Setup ” by OOO Next Point has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. This downloadble file is typically blocked through Google's Safe Browsing technology in Chrome web browser.

File name:

Setup.exe

Publisher:

Installer Web software (signed by OOO Next Point)

Product:

Application

Description:

Application Setup

Version:

1.2.5.5

MD5:

cd3e86635a55cef62f17124a5b71b5ea

SHA-1:

7abb43f80654d8baf249385a2b60f48dc7c606ea

SHA-256:

f98c3fe743def182b52c0b3a3d87aec1bb739b0900dc20b2b4069137dbb552b3

Scanner detections:

8 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

5/12/2024 10:40:09 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Malware-gen

150521-0

AVG

Adware InstallCore.AHV

2014.0.4311

Dr.Web

Trojan.InstallCore.534

9.0.1.05190

ESET NOD32

Win32/InstallCore.YK potentially unwanted application

7.0.302.0

K7 AntiVirus

Adware

13.204.16003

NANO AntiVirus

Riskware.Win32.InstallCore.dqvwua

0.30.24.1636

Reason Heuristics

PUP.installCore.Installer

15.5.22.14

VIPRE Antivirus

Threat.4150696

40432

File size:

782.6 KB (801,424 bytes)

Product version:

3.1.7

Bundler/Installer:

installCore (using Inno Setup)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\setup.exe

Digital Signature

Signed by:

OOO Next Point

Authority:

COMODO CA Limited

Valid from:

3/23/2015 6:00:00 PM

Valid to:

3/23/2016 5:59:59 PM

Subject:

CN=OOO Next Point, OU=OOO Next Point, O=OOO Next Point, STREET=Prospekt Leninskii 95, L=Moscow, S=Moscow, PostalCode=119313, C=RU

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

347CF1F72926F17F233ABEB3001C4438

File PE Metadata

Compilation timestamp:

6/19/1992 4:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:10xpymbFzLmbeAdZCEhKTxyYkqPHMtmElyt452aBGjKwCxVCeeRlh1emn/ch:10xMWX2dZCI34ZHU8j1emnk

Entry address:

0x9C40

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE... 
[+]

Entropy:

7.6740

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

Remove Setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.