active.exe

Setup Factory 7.0 Runtime

The program is a setup application that uses the Setup Factory installer. The file has been seen being downloaded from xmeye.net.

Product:
Setup Factory 7.0 Runtime

Description:
Setup Application

Version:
7.0.1.0

MD5:
0bffdd6a5d49281cdd3cae3bb268beeb

SHA-1:
301628ca4fa15ab85a959a130660d485787db306

SHA-256:
1e15c03973d51262189159a205ce31d8c61e11a9eea938d6412db1537e99baee

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/27/2024 3:30:08 AM UTC

File size:
3 MB (3,122,539 bytes)

Product version:
7.0.1.0

Copyright:
Setup Engine Copyright © 2004 Indigo Rose Corporation

Trademarks:
Setup Factory is a trademark of Indigo Rose Corporation.

Original file name:
suf70_launch.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\downloads\active.exe

File PE Metadata

Compilation timestamp:
10/13/2004 5:10:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:0rnl8eODFYxOklWyQlYYuau6Pc3k3jYJ8s1LCK8DiT77AI6B/4iMD:cnZSYxOwFQiYua5PSk388s1H8D87UB/4

Entry address:
0x1D9D

Entry point:
FF, C8, 8A, D9, 11, DE, C6, C2, 1D, 48, F7, C1, F8, BC, F4, 0F, 84, CB, F3, B0, 4C, 84, CA, 0F, BE, C6, 4B, C6, C4, 0C, 8D, 2D, 95, E6, 56, 47, 19, F8, 0F, BF, D3, 8D, 31, 88, D8, 0F, B7, CE, 73, 0F, C7, C5, FD, 8C, 53, CB, 0F, AF, D0, 8D, 15, C4, EE, CA, E2, 2B, FE, 87, D1, 73, 0A, 85, C0, 8B, E9, 8D, 3D, 82, 9C, E6, 55, 89, C2, 13, D0, 85, D3, C7, C6, EF, 14, 96, BB, E8, 00, 00, 00, 00, 48, 69, C5, 04, 87, 52, 7B, 0F, BE, E9, F3, F7, C0, 49, 77, E4, 59, C6, C0, B9, B9, EF, 11, 00, 00, 86, E2, 81, F1, FF...
 
Code size:
20 KB (20,480 bytes)

The file active.exe has been seen being distributed by the following URL.
