setc.exe

MY SECURITY CENTER LTD

The application setc.exe by MY SECURITY CENTER has been flagged as a potentially unwanted program by 1 of 68 anti-malware scanners, on a heuristic startup-entry detection (PUP.Optional.Startup) rather than a match against a known-malicious signature. It is set to run automatically whenever any user logs into Windows, through a value named ‘setc’ in the machine-wide Run key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), not a per-user one. While running, it connects to radon.mysecuritycenter.com on port 80 over plain HTTP. The file is Authenticode-signed by MY SECURITY CENTER LTD with a DigiCert-issued certificate whose validity period (May 2012 to July 2015) had ended by the analysis date; whether the signature still validates depends on whether it carries a trusted timestamp countersignature, which this listing does not show. The PE compilation timestamp (March 2007) predates the certificate, and the original file name embedded in the version resource is SetCookie.exe.
Publisher:
MySecurityCenter (signed by MY SECURITY CENTER LTD)

Version:
1.0.0.0

MD5:
fb1e595cbde598205867bb4fb2696a0a

SHA-1:
3c3b9671f4c453d07f936215d8b0c3999060e63b

SHA-256:
6d3639f4966afa3c31cdffca4445da821a2b1350852900deb45997e8bd3074dc

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 2:04:21 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.Startup

Engine version:
15.1.12.12

File size:
383.8 KB (393,040 bytes)

Product version:
1.0.0.0

Copyright:
(c) MySecurityCenter. All rights reserved.

Original file name:
SetCookie.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\mysecuritycenter\programs\setc.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
5/17/2012 2:00:00 AM

Valid to:
7/21/2015 2:00:00 PM

Subject:
CN=MY SECURITY CENTER LTD, O=MY SECURITY CENTER LTD, L=West Drayton, C=GB

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
02B405245A6E01DE7848F7C55FC3BCC7

File PE Metadata
Compilation timestamp:
3/13/2007 1:03:47 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:KfW/j0oiC6FdN+MTr/a2NgZqoXdb38bmewwt7WDovjGohkzj58:ViC6PTr/3NgLd4bVjt7WDocS

Entry address:
0x2AABE

Entry point:
E8, 48, 57, 00, 00, E9, 17, FE, FF, FF, 3B, 0D, 00, 68, 45, 00, 75, 02, F3, C3, E9, C8, 57, 00, 00, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, 81, 16, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 1D, 5D, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 5C, 16, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, 87, 58, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D, C3, 8B, C1, 83, 60, 04, 00, 83, 60, 08, 00, C7, 00...
 

Entropy:
6.2770

Code size:
264 KB (270,336 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
setc

Command:
C:\Program Files\mysecuritycenter\programs\setc.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to radon.mysecuritycenter.com  (5.9.49.73:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-02-gru2.fbcdn.net  (157.240.12.16:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-gru2.facebook.com  (31.13.85.36:443)

TCP (HTTP):

TCP (HTTP SSL):
Connects to 52.57.155.104.bc.googleusercontent.com  (104.155.57.52:443)
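Taken together, the listing above is an indicator set: three file hashes and an original file name, a persistence location (the ‘setc’ value in the all-users Run key) and a plain-HTTP callback host. The following is an added example, not Reason Core Security's code, of matching those indicators against Sysmon-style telemetry. The event records are constructed for the example and use Sysmon's field names for event IDs 1 (ProcessCreate), 13 (RegistryEvent, value set) and 3 (NetworkConnect); the installer path in the registry event and the notepad.exe hash are hypothetical. The fbcdn.net, facebook.com and googleusercontent.com endpoints listed above are deliberately not treated as indicators, since they are shared infrastructure that would match unrelated traffic.

```python
"""Match the indicators on this page against Sysmon-style events.

Added example; not Reason Core Security's code. Event records are
constructed for the example. Field names follow Sysmon event IDs 1
(ProcessCreate), 13 (RegistryEvent: value set) and 3 (NetworkConnect).
"""
from __future__ import annotations

# Indicators copied from the listing above (lower-cased for comparison).
IOC = {
    "md5": "fb1e595cbde598205867bb4fb2696a0a",
    "sha1": "3c3b9671f4c453d07f936215d8b0c3999060e63b",
    "sha256": "6d3639f4966afa3c31cdffca4445da821a2b1350852900deb45997e8bd3074dc",
    "original_file_name": "setcookie.exe",
    "run_key": r"hklm\software\microsoft\windows\currentversion\run",
    "run_value": "setc",
    "callback_host": "radon.mysecuritycenter.com",
    "callback_ip": "5.9.49.73",
    "callback_port": 80,
}


def parse_hashes(field: str) -> dict[str, str]:
    """Split Sysmon's 'SHA1=..,MD5=..,SHA256=..' field into a lower-case dict."""
    out: dict[str, str] = {}
    for part in field.split(","):
        algo, sep, value = part.partition("=")
        if sep:
            out[algo.strip().lower()] = value.strip().lower()
    return out


def match_event(ev: dict) -> list[str]:
    """Return the indicator names that this one event hits (empty if none)."""
    hits: list[str] = []
    eid = ev.get("EventID")
    if eid == 1:  # ProcessCreate: file identity
        hashes = parse_hashes(ev.get("Hashes", ""))
        for algo in ("md5", "sha1", "sha256"):
            if hashes.get(algo) == IOC[algo]:
                hits.append(f"hash:{algo}")
        if ev.get("OriginalFileName", "").lower() == IOC["original_file_name"]:
            hits.append("original_file_name")
    elif eid == 13:  # RegistryEvent: persistence in the all-users Run key
        key, _, value = ev.get("TargetObject", "").rpartition("\\")
        # 32-bit writers on 64-bit Windows are redirected under Wow6432Node;
        # strip it so both locations compare equal to the key on the page.
        key = key.lower().replace("\\wow6432node", "")
        if key == IOC["run_key"] and value.lower() == IOC["run_value"]:
            hits.append("run_key")
    elif eid == 3:  # NetworkConnect: the plain-HTTP callback
        host = ev.get("DestinationHostname", "").lower()
        ip = ev.get("DestinationIp", "")
        port = int(ev.get("DestinationPort", 0))
        if port == IOC["callback_port"] and (host == IOC["callback_host"] or ip == IOC["callback_ip"]):
            hits.append("network")
    return hits


def triage(events: list[dict]) -> dict:
    """Aggregate hits over an event stream into the three questions a responder asks."""
    hits: set[str] = set()
    for ev in events:
        hits.update(match_event(ev))
    return {
        "hits": sorted(hits),
        "file_present": any(h.startswith("hash:") for h in hits),
        "persistence": "run_key" in hits,
        "callback": "network" in hits,
    }


SETC = r"C:\Program Files\mysecuritycenter\programs\setc.exe"

# Constructed events: two for setc.exe, one from a hypothetical installer,
# one shared-CDN connection that must NOT match, and one unrelated process.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": SETC, "OriginalFileName": "SetCookie.exe",
     "Hashes": "SHA1=3C3B9671F4C453D07F936215D8B0C3999060E63B,"
               "MD5=FB1E595CBDE598205867BB4FB2696A0A,"
               "SHA256=6D3639F4966AFA3C31CDFFCA4445DA821A2B1350852900DEB45997E8BD3074DC"},
    {"EventID": 13, "Image": r"C:\Users\Public\msc_setup.exe",  # hypothetical installer
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\setc",
     "Details": SETC},
    {"EventID": 3, "Image": SETC, "DestinationHostname": "radon.mysecuritycenter.com",
     "DestinationIp": "5.9.49.73", "DestinationPort": 80},
    {"EventID": 3, "Image": SETC, "DestinationHostname": "edge-star-mini-shv-01-gru2.facebook.com",
     "DestinationIp": "31.13.85.36", "DestinationPort": 443},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe", "OriginalFileName": "NOTEPAD.EXE",
     "Hashes": "SHA256=" + "0" * 64},  # placeholder hash, constructed
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

The hashes are the strongest indicator but only identify this exact build (version 1.0.0.0, 393,040 bytes); the Run-key value name and the callback hostname survive a rebuild and are what to keep in a longer-lived rule. Sysmon reports the hash field in upper-case hex, so both sides are lower-cased before comparison.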

Powered by Reason Core Security