» amigo_setup.exe
Overview
Analysis
File Details
Programs (1)
Downloads (3)

amigo_setup.exe

Amigo

LLC Mail.Ru

The executable amigo_setup.exe has been detected as malware by 1 anti-virus scanner. This is a setup and installation application and has been known to bundle potentially unwanted software. This file is typically installed with the program DevID Agent by DevID. The file has been seen being downloaded from 91.194.162.11 and multiple other hosts.

File name:

amigo_setup.exe

Publisher:

LLC Mail.Ru (signed and verified)

Product:

Amigo

Version:

32.0.1725.115

MD5:

116046f0563f48b6e6cf012b6cff3d75

SHA-1:

3f299ba2c56d830059b51e44efea1577b651e8a7

SHA-256:

cf21c095d4c4a1c7ae41c8f38dc6456b01e114248068abdbd4241e26b7eeaeca

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

11/15/2024 12:40:51 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Win32.Generic.MailRu.Installer.Meta

15.7.15.21

File size:

42.8 MB (44,835,384 bytes)

Product version:

32.0.1725.115

Mail.Ru

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\amigo_setup.exe

Digital Signature

Signed by:

LLC Mail.Ru

Authority:

Thawte, Inc.

Valid from:

8/20/2014 5:00:00 AM

Valid to:

8/21/2015 4:59:59 AM

Subject:

CN=LLC Mail.Ru, O=LLC Mail.Ru, L=Moscow, S=Moscow, C=RU

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

169A089D186F350CBB6B5EC62D8A59AB

File PE Metadata

Compilation timestamp:

7/14/2015 6:09:07 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

786432:+5KSzB+t8H52kz/YE1oktBQkbR/Pki43uSNj9FKrl5V/sNfmjAWL62D/sY:AjB+Cwkzok2kNnH4BQrzV/sYAWL4Y

Entry address:

0x38E0

Entry point:

6A, 00, FF, 15, B0, 10, 40, 00, 50, E8, C2, F8, FF, FF, 83, C4, 04, 50, FF, 15, AC, 10, 40, 00, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 01, 85, C0, 74, 09, 83, 79, 10, 01, 7C, 03, 8B, 00, C3, 33, C0, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 53, 56, 57, 8B, 7D, 10, 33, F6, 85, FF, 74, 28, 8B, 5D, 08, 8B, 45, 0C, 2B, D8, 0F, B7, 0C, 03, 66, 85, C9, 75, 05, 66, 39, 08, 74, 12, 0F, B7, 10, 66, 3B, CA, 72, 11, 77, 17, 46, 83, C0, 02, 3B, F7, 72, E0, 5F, 5E, 33, C0, 5B, 5D, C3, 5F, 5E... 
[+]

Packer / compiler:

FASM v1.3x

Code size:

13.5 KB (13,824 bytes)

The file amigo_setup.exe has been discovered within the following program.

DevID Agent by DevID

About 6% of users remove it

The file amigo_setup.exe has been seen being distributed by the following 3 URLs.

http://91.194.162.11/.../AmigoDistrib.exe

http://ds5.youfile.org/

http://amigobin.cdnmail.ru/AmigoDistrib.exe

Remove amigo_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.