setc.exe

MY SECURITY CENTER LTD

The application setc.exe by MY SECURITY CENTER has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘setc’. While running, it connects to the Internet address radon.mysecuritycenter.com on port 80 using the HTTP protocol.
Publisher:
MySecurityCenter  (signed by MY SECURITY CENTER LTD)

Version:
1.0.0.0

MD5:
1cf470ec7ce3929880a7505118869be8

SHA-1:
e223fd4bae3c3796111a98d1c91706ef5faca6c5

SHA-256:
edd4ca2114b519601bdcfb83982e24b67d2f9613c52294cb6e1b3c44383bd8db

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 1:51:45 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.Startup

Engine version:
15.1.12.12

File size:
380.4 KB (389,488 bytes)

Product version:
1.0.0.0

Copyright:
(c) MySecurityCenter. All rights reserved.

Original file name:
SetCookie.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\mysecuritycenter\programs\setc.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
5/26/2010 9:00:00 PM

Valid to:
5/26/2012 8:59:59 PM

Subject:
CN=MY SECURITY CENTER LTD, O=MY SECURITY CENTER LTD, L=WEST DRAYTON, S=MIDDLESEX, C=GB

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
1F8B282A7A992535C9223295A40E2799

File PE Metadata
Compilation timestamp:
3/13/2007 9:03:47 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:0fW/j0oiC6FdN+MTr/a2NgZqoXdb38bmewwt7WDovjGohkzjV:biC6PTr/3NgLd4bVjt7WDocR

Entry address:
0x2AABE

Entry point:
E8, 48, 57, 00, 00, E9, 17, FE, FF, FF, 3B, 0D, 00, 68, 45, 00, 75, 02, F3, C3, E9, C8, 57, 00, 00, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, 81, 16, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 1D, 5D, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 5C, 16, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, 87, 58, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D, C3, 8B, C1, 83, 60, 04, 00, 83, 60, 08, 00, C7, 00...

Code size:
264 KB (270,336 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
setc

Command:
C:\Program Files\mysecuritycenter\programs\setc.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to radon.mysecuritycenter.com  (5.9.49.73:80)

TCP (HTTP):
Connects to 173.g8-ggc-bsa.google.com  (179.96.35.173:80)

Remove setc.exe - Powered by Reason Core Security