setup mso.exe

The application setup mso.exe has been detected as a potentially unwanted program by 30 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from download1289.mediafire.com and multiple other hosts.
MD5:
d5f6eea90be353189ac9e0e09c5db55e

SHA-1:
acbefa4567901f63064d63a416dcf9204f566cbe

SHA-256:
578706e6c9fce1529419e48845c091d717fc8ec0e2226a07f7f4a286d848e1f4

Scanner detections:
30 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/5/2024 8:26:40 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.Outbrowse.T
550

AegisLab AV Signature
Troj.Generic
2.1.4+

Agnitum Outpost
PUA.OutBrowse
7.1.1

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.06.22

Arcabit
Application.Bundler.Outbrowse.T
1.0.0.425

avast!
NSIS:OutBrowse-D [PUP]
2014.9-150804

AVG
AdLoad.P
2016.0.3028

Baidu Antivirus
Adware.Win32.OutBrowse
4.0.3.1584

Bitdefender
Application.Bundler.Outbrowse.T
1.0.20.1080

Dr.Web
Trojan.Packed.28644
9.0.1.0216

ESET NOD32
Win32/OutBrowse.AJ potentially unwanted (variant)
9.11821

G Data
Application.Bundler.Outbrowse
15.8.25

herdProtect (fuzzy)
2015.9.9.19

K7 AntiVirus
Trojan
13.183.13630

Kaspersky
not-a-virus:AdWare.Win32.OutBrowse
14.0.0.1451

Malwarebytes
PUP.Optional.OutBrowse
v2015.08.04.09

McAfee
Artemis!547349954B27
5600.6684

MicroWorld eScan
Application.Bundler.Outbrowse.T
16.0.0.648

NANO AntiVirus
Trojan.Win32.OutBrowse.deinil
0.28.2.62483

nProtect
Trojan-Clicker/W32.OutBrowse.726923
15.06.19.01

Panda Antivirus
Trj/Chgt.L
15.08.04.09

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen
1.0.0.1015

Quick Heal
AdWare.OutBrowse.r5 (Not a Virus)
8.15.14.00

Rising Antivirus
PE:Trojan.Win32.Generic.175AFC6D!391838829
23.00.65.15802

SUPERAntiSpyware
Adware.OutBrowse/Variant
9712

Total Defense
Win32/Tnega.TbXFKVD
37.1.62.1

Trend Micro House Call
TROJ_GEN.R0C1C0EF315
7.2.216

Trend Micro
TROJ_GEN.R0C1C0EF315
10.465.04

Vba32 AntiVirus
AdWare.OutBrowse
3.12.26.4

VIPRE Antivirus
OutBrowse
41340

File size:
709.9 KB (726,923 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup mso.exe

File PE Metadata
Compilation timestamp:
12/6/2009 4:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:+Qm4Ry75XB/qc8iX9UEkUaM1iAq1uY4trfap+g9TCXdBNmi6LxV2m/h5hp8XL+:+P48b/qczqEVf1idYY4t7+vVCtBNluqK

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9468

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file setup mso.exe has been seen being distributed by the following 3 URLs.

Remove setup mso.exe - Powered by Reason Core Security