magentsetup.exe

Mail.Ru Агент

LLC Mail.Ru

The application magentsetup.exe by LLC Mail.Ru has been detected as a potentially unwanted program by 3 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. It is also the uninstaller utility registered in the Windows Control Panel for the program Mail.Ru Agent 6.1 (build 6578) by Mail.Ru. The file has been observed being downloaded from rfr.agent.mail.ru and multiple other hosts.
Publisher:
Mail.Ru  (signed by LLC Mail.Ru)

Product:
Mail.Ru Агент

Version:
6, 1, 6578, 0

MD5:
d9e4b3cce768a4813c31ca6f0316585c

SHA-1:
0b427e3fd6754c605cd84b38a5952107fff87b4d

SHA-256:
102da965411ee00c74d72a3e36ed3f97c9b32c90241c384c268baf895d5d2bac

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 2:49:15 PM UTC

Scan engine        Detection                   Engine version
Reason Heuristics  PUP.Optional.Installer.L    14.3.28.18
Sophos             RsMall                      4.94
VIPRE Antivirus    Trojan.Win32.Generic!SB.0   26094

File size:
30 MB (31,497,760 bytes)

Product version:
6, 1, 6578, 0

Copyright:
Copyright (C) 2001 - 2013

Original file name:
magentsetup.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\magentsetup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
12/9/2011 4:00:00 AM

Valid to:
2/7/2014 3:59:59 AM

Subject:
CN=LLC Mail.Ru, O=LLC Mail.Ru, L=Moscow, S=Moscow, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1C09DBBC732D4B58F7A88EBACF323417

File PE Metadata
Compilation timestamp:
5/24/2013 7:00:27 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
786432:ZGLYWBL0tTLctgMooiJTod3/dsqvANa07zj4:ZGVL0TLGooicBANaWg

Entry address:
0x11C402

Entry point:
E8, B8, DC, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, 45, 8C, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 5E, 0E, 00, 00, 83, C4, 14, 8B, C6, EB, 45, 39, 7D, 10, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, 2A, 3B, 00, 00, 83, C4, 0C, EB, C1, FF, 75, 0C, 57, FF, 75, 08, E8, 99, 0F, 00, 00, 83, C4, 0C, 39, 7D, 10, 74, B6, 39, 75, 0C, 73, 0E, E8, F6, 8B, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, AD...
 

Code size:
1.9 MB (1,941,504 bytes)

Program Uninstaller
Program name:
Mail.Ru Agent 6.1 (build 6578)

Display publisher:
Mail.Ru

Display version:
6.1.6578.0

Uninstall string:
C:\users\{user}\appdata\roaming\mail.ru\agent\magentsetup.exe -uninstallcu


The file magentsetup.exe has been seen being distributed by the following 3 URLs.

http://rfr.agent.mail.ru/magent_rfrset.exe
