setc.exe

Europe Capital Ltd

The application setc.exe by Europe Capital has been detected as a potentially unwanted program by 2 anti-malware scanners. It is set to execute automatically when any user logs into Windows, through a Run registry entry named ‘setc’. While running, it connects to the Internet address radon.mysecuritycenter.com on port 80 using the HTTP protocol.
Publisher:
MySecurityCenter  (signed by Europe Capital Ltd)

Version:
3.0.0.2

MD5:
ac7b1bce3b13dd9a97522a4086379d3c

SHA-1:
936cb794cd0ec9aa757b650683acab6358536fc6

SHA-256:
68ff4906c4dfc490e2ce78880b458c8eadc01eb54342d5b5a63779a9429ee5a6

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 2:03:11 AM UTC

Scan engine          Detection               Engine version
Norman               Mediyes.J               11.20150522
Reason Heuristics    PUP.Optional.Startup    15.6.7.12

File size:
380.6 KB (389,736 bytes)

Product version:
3.0.0.2

Copyright:
(c) MySecurityCenter. All rights reserved.

Original file name:
SetCookie.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\mysecuritycenter\programs\setc.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
2/6/2006 1:00:00 AM

Valid to:
11/3/2007 12:59:59 AM

Subject:
CN=Europe Capital Ltd, O=Europe Capital Ltd, L=London, S=London, C=UK

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
7DA634581E16234C29CBD9697704B49A

File PE Metadata
Compilation timestamp:
7/6/2007 3:20:19 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:ISNX0mkKTKXzgtPlV8oD+bJ/dVo1b30FNf7JOC+Bky0m:OKttNV88+V/dy1Ab8C+B

Entry address:
0x2AD8E

Entry point:
E8, 78, 58, 00, 00, E9, 17, FE, FF, FF, 3B, 0D, 00, 68, 45, 00, 75, 02, F3, C3, E9, F8, 58, 00, 00, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, B1, 17, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 91, 07, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 8C, 17, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, B7, 59, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D, C3, 8B, C1, 83, 60, 04, 00, 83, 60, 08, 00, C7, 00...
 

Code size:
264 KB (270,336 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
setc

Command:
C:\Program Files\mysecuritycenter\programs\setc.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to radon.mysecuritycenter.com  (5.9.49.73:80)

TCP (HTTP):
Connects to cache.google.com  (91.245.214.159:80)
