flvplayersetup.exe

Setup Factory 7.0 Runtime

The executable flvplayersetup.exe (“Setup Application”) has been detected as malware by 9 anti-virus scanners. The program is a setup application built with the Setup Factory installer; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point-obscuring polymorphic file infector that builds a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from s10135.chomikuj.pl.
Product:
Setup Factory 7.0 Runtime

Description:
Setup Application

Version:
7.0.6.1

MD5:
686a338fa92e232b6f53a4a29be9c2e3

SHA-1:
d31045da8c5bbce4595531126203611168dd1d19

SHA-256:
3d4fdd653245a41de741a24a9450c8000d2fc41a8289d3089365578dbcc7d4bb

Scanner detections:
9 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
1/13/2025 1:34:09 AM UTC

Scan engine                    Detection                  Engine version
avast!                         Win32:Kukacka              160215-2
AVG                            Win32/Sality               2015.0.4530
Dr.Web                         Win32.Sector.30            9.0.1.05190
Emsisoft Anti-Malware          Win32.Sality               10.0.0.5366
ESET NOD32                     Win32/Sality.NBA virus     8.0.319.0
F-Prot                         W32/Sality.E.gen           4.6.5.141
Kaspersky                      Virus.Win32.Sality         15.0.0.562
McAfee                         Virus.W32/Sality.gen.z     18.0.204.0
Microsoft Security Essentials  Threat.Undefined           1.213.6622.0

File size:
2.5 MB (2,642,840 bytes)

Product version:
7.0.6.1

Copyright:
Setup Engine Copyright © 2004-2006 Indigo Rose Corporation

Trademarks:
Setup Factory is a trademark of Indigo Rose Corporation.

Original file name:
suf70_launch.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\documents and settings\p k p\pulpit\flvplayersetup.exe

File PE Metadata

Compilation timestamp:
1/29/2007 9:17:00 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:Wi9lwFQsIr/ptblw8i6MJFpzLULStGsI4ugE7odPpT2:Dvw12/pjw8Ud4j3hQPk

Entry address:
0x1E64

Entry point:
60, FF, C1, 0F, BF, E9, 1A, FB, 0F, B6, E8, 81, FB, 99, E3, 00, 00, 74, 05, 4B, 87, EA, 8A, C2, 0C, E3, 87, DD, 3B, F2, 3B, F5, 74, 08, 43, 85, C9, 15, B4, DF, D6, AF, 3D, 25, 43, 00, 00, 77, 02, 0C, 74, 80, C8, C4, 8B, ED, 8D, 15, BB, 08, B6, 8B, 8A, F4, FE, C4, 80, DA, B2, E8, 13, 00, 00, 00, 19, CB, C6, C7, 08, F2, 75, 05, 0F, AF, F8, 86, F4, 81, FD, 31, F2, 00, 00, 76, 0C, 81, EB, 78, 5A, 03, 2D, C7, C1, 08, 09, 0C, 81, 72, 04, 49, 80, EF, E3, 8D, 3D, 2F, CD, 76, 59, 13, FB, FE, C0, 8D, 15, EE, 2C, 03...

Code size:
20 KB (20,480 bytes)

The file flvplayersetup.exe has been seen being distributed by the following URL.

Remove flvplayersetup.exe - Powered by Reason Core Security