set.exe

ExtManager

The application set.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a Windows service named “Background Logic Handler”, separately within the context of its own process. While running, it connects to the Internet address host-197.199.253.140.etisalat.com.eg on port 80 using the HTTP protocol.
Product:
ExtManager

Version:
1.0.0.0

MD5:
d5761ab28d3fb74f0541aff540f3ac5a

SHA-1:
73a4ed51c80896fa4b2d6075d08dbfbd8fa17439

SHA-256:
aa8ed08911032a7791430a7446a623ca6e5f4eb1e39d4ab13c7d78cfe3e4befd

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
3/12/2025 5:51:04 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Linkury (M)

Engine version:
17.3.3.2

File size:
3.6 MB (3,786,752 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
LogicHandler.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\logic cramble\set.exe

File PE Metadata
Compilation timestamp:
3/3/2017 7:07:28 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x39DC0E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.6276

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
3.6 MB (3,784,192 bytes)

Service
Display name:
Background Logic Handler

Service name:
backlh

Type:
Win32OwnProcess


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to host-197.199.253.140.etisalat.com.eg  (197.199.253.140:80)
