Setup.exe

Application

OOO Next Point

The file Setup.exe, “Application Setup” by OOO Next Point, has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the installCore download manager (the InstallCore engine), which may bundle additional software offers including ad-supported toolbars, browser extensions and utilities. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser.
Publisher:
Installer Web software   (signed by OOO Next Point)

Product:
Application

Description:
Application Setup

Version:
1.2.5.5

MD5:
cd3e86635a55cef62f17124a5b71b5ea

SHA-1:
7abb43f80654d8baf249385a2b60f48dc7c606ea

SHA-256:
f98c3fe743def182b52c0b3a3d87aec1bb739b0900dc20b2b4069137dbb552b3

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
5/12/2024 10:40:09 PM UTC

Scan engine         Detection                                               Engine version
avast!              Malware-gen                                             150521-0
AVG                 Adware InstallCore.AHV                                  2014.0.4311
Dr.Web              Trojan.InstallCore.534                                  9.0.1.05190
ESET NOD32          Win32/InstallCore.YK potentially unwanted application   7.0.302.0
K7 AntiVirus        Adware                                                  13.204.16003
NANO AntiVirus      Riskware.Win32.InstallCore.dqvwua                       0.30.24.1636
Reason Heuristics   PUP.installCore.Installer                               15.5.22.14
VIPRE Antivirus     Threat.4150696                                          40432

File size:
782.6 KB (801,424 bytes)

Product version:
3.1.7

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/23/2015 6:00:00 PM

Valid to:
3/23/2016 5:59:59 PM

Subject:
CN=OOO Next Point, OU=OOO Next Point, O=OOO Next Point, STREET=Prospekt Leninskii 95, L=Moscow, S=Moscow, PostalCode=119313, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
347CF1F72926F17F233ABEB3001C4438

File PE Metadata
Compilation timestamp:
6/19/1992 4:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:10xpymbFzLmbeAdZCEhKTxyYkqPHMtmElyt452aBGjKwCxVCeeRlh1emn/ch:10xMWX2dZCI34ZHU8j1emnk

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.6740

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)
