home

setup.exe

FrostWire

Download Assistant

This is part of the Air Installer, a download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe, “FrostWire ” by Download Assistant has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the AirInstaller Download Manager installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:
Download Assistant   (signed by Download Assistant)

Product:
FrostWire

Description:
FrostWire

Version:
3.0.0.35

MD5:
c64a8780a8b1f53993b499d858c38c0c

SHA-1:
ffdaf94e0aa6e3ffff190851a11fe12112a214d9

SHA-256:
083d8ee159e71971d3cc5428f2a3854e616c5d42be1fb2db8c9333c9dcff9da6

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
4/28/2024 10:54:05 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.FX
506

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
APPL/Downloader.Gen
3.6.1.96

avast!
Win32:Malware-gen
2014.9-150916

AVG
Generic
2016.0.2984

Bitdefender
Application.Bundler.FX
1.0.20.1295

Dr.Web
Trojan.Vittalia.4
9.0.1.0259

ESET NOD32
Win32/DownloadAssistant.A potentially unwanted application
9.7.0.302.0

F-Secure
Application.Bundler.FX
11.2015-16-09_4

G Data
Application.Bundler.FX
15.9.24

herdProtect (fuzzy)
variant of installer_java_english.exe (Adware)
2015.11.18.14

IKARUS anti.virus
PUA.DownloadAssistant
t3scan.1.8.3.0

K7 AntiVirus
Unwanted-Program
13.186.14161

Malwarebytes
PUP.Optional.DownloadAssistant
v2015.09.16.12

Panda Antivirus
Generic Suspicious
15.09.16.12

Reason Heuristics
PUP.Air Software.DownloadAssistant.Bundler (M)
15.9.16.12

Sophos
AirInstaller
4.98

Total Defense
Win32/Tnega.MFfaER
37.0.11250

VIPRE Antivirus
Threat.4782985
33706

File size:
904.3 KB (926,048 bytes)

Product version:
3.0.0.35

Copyright:
(c) Download Assistant

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
AirInstaller Download Manager

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\nxkjwlat\setup.exe

Digital Signature
Signed by:
Download Assistant

Authority:
VeriSign, Inc.

Valid from:
8/12/2014 8:00:00 PM

Valid to:
8/12/2016 7:59:59 PM

Subject:
CN=Download Assistant, O=Download Assistant, L=Victoria, S=British Columbia, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6BC405E8AC962C676F54816BCC4D4311

File PE Metadata
Compilation timestamp:
10/23/2014 5:14:24 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:IVSEb1IFgnVTSRuz2kSOZc8Fx+jRjKaKoXYGHtLwGL6ZIS6rYrkjndy2euVf9Xmj:IDfnVTSgDxFx+jR9/hrsIXrtzfBvy

Entry address:
0x4ABBF

Entry point:
E8, 6E, 07, 01, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 40, 09, 4A, 00, 00, 74, 05, E9, D1, 07, 01, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6...
 
[+]

Entropy:
7.2084

Code size:
455.5 KB (466,432 bytes)

Remove setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.