movier_setup.exe

Software

The application movier_setup.exe, "Software Setup", has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application built with the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from download1592.mediafire.com and multiple other hosts.
Product: Software

Description: Software Setup

MD5: 2c5026da1303f2b58a4c9eee56073e6f

SHA-1: d28f396123d996d9af0506b8abe1fc632222823f

SHA-256: 96a560dd4b1f08ed0e638061cf0fda55c2fc762ef5a63b4cb8d94c69c91d81e0

Scanner detections: 6 / 68

Status: Potentially unwanted

Explanation: Uses the InstallCore download manager to install additional potentially unwanted software, which may include extensions such as DealPly and various toolbars.

Analysis date: 11/15/2024 10:48:30 PM UTC

Scan engine              Detection                           Engine version
Agnitum Outpost          PUA.InstallCore                     7.1.1
Baidu Antivirus          Adware.Win32.InstallCore            4.0.3.15128
ESET NOD32               Win32/InstallCore.VC (variant)      9.11073
McAfee                   Artemis!2C5026DA1303                5600.6872
NANO AntiVirus           Riskware.Win32.InstallCore.djeebx   0.30.0.64812
Trend Micro House Call   Suspicious_GEN.F47V0109             7.2.28

File size: 740.9 KB (758,638 bytes)

Product version: 4.0

File type: Executable application (Win32 EXE)

Installer: Inno Setup

Language: Language Neutral

Common path: C:\users\{user}\downloads\movier_setup.exe

File PE Metadata

Compilation timestamp: 6/19/1992 5:22:17 PM

OS version: 1.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 2.25

CTPH (ssdeep): 12288:OevpiiuFSci0L9Z5Isy52Tr0UKKoSffbqbgjme+ztQo1vHOZ+1Hj8jb4qz4:OevhkrBLHs230UVfGbgShtt10+1Yjw

Entry address: 0x9C40

Entry point: 55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Entropy: 7.8836

Packer / compiler: Inno Setup v5.x - Installer Maker

Code size: 37 KB (37,888 bytes)

The file movier_setup.exe has been seen being distributed by the following 11 URLs.

http://download1592.mediafire.com/pmsd2joz8eog/.../Movier_Setup.exe
http://download1592.mediafire.com/6bo4vuqjicag/.../Movier_Setup.exe
http://download1592.mediafire.com/osay40o978gg/.../Movier_Setup.exe
http://r2.computerbild.de/exec/r2r.pl?m=w-cobi;u=http://d.computerbild.de/downloads/.../Movier_Setup.exe
http://download1592.mediafire.com/dttc9vyuhzjg/.../Movier_Setup.exe
http://download1096.mediafire.com/mx5m7658tk9g/.../Movier_Setup.exe
http://ziggi.uol.com.br/.../94027

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP): Connects to ec2-54-232-235-7.sa-east-1.compute.amazonaws.com (54.232.235.7:80)
TCP (HTTP): Connects to ec2-52-67-76-234.sa-east-1.compute.amazonaws.com (52.67.76.234:80)
TCP (HTTP): Connects to ec2-34-198-66-66.compute-1.amazonaws.com (34.198.66.66:80)

Remove movier_setup.exe - Powered by Reason Core Security