home

setup.dll

Microsoft Setup Bootstrapper

Microsoft Corporation

This is installed with Microsoft Office Professionnel Plus 2013. The file has been seen being downloaded from drive.google.com and multiple other hosts.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft Setup Bootstrapper

Version:
15.0.4420.1017

MD5:
6f5515e33da8237b0e55f75b9e9b39fe

SHA-1:
643e7a12bf0f1c1ed618def1073a1ee6ecc18aed

SHA-256:
3bab6aa2f696d403fdfb47a6fed4a64bd3e3c25a498bdf7871aed3b47cd14ae0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
11/17/2024 2:31:59 AM UTC  (today)

File size:
1 MB (1,060,504 bytes)

Product version:
15.0.4420.1017

Original file name:
setup.exe

File type:
Dynamic link library (Win64 DLL)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.dll

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
7/26/2012 11:50:41 PM

Valid to:
10/26/2013 11:50:41 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
3300000088590E3C511FE26A67000100000088

File PE Metadata
Compilation timestamp:
9/29/2012 9:53:13 PM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.10

CTPH (ssdeep):
12288:JDGE/aPXaRH6fF0MmnbzjuXTJnzfwQtI7XHgZyKhJAea3hNgKCo:JV/68U+MmG1njwBLHgZnJc1Co

Entry address:
0x27BFC

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 23, 41, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, A7, FE, FF, FF, 90, 90, 90, E9, 6B, 22, 00, 00, 90, 90, 90, 53, 48, 83, EC, 20, BA, 08, 00, 00, 00, 8D, 4A, 18, E8, 8A, 30, 00, 00, 48, 8B, C8, 48, 8B, D8, FF, 15, 96, E6, 02, 00, 48, 89, 05, C7, CC, 0A, 00, 48, 89, 05, B8, CC, 0A, 00, 48, 85, DB, 75, 05, 8D, 43, 18, EB, 06, 48, 83...
 
[+]

Entropy:
5.9198

Code size:
337.5 KB (345,600 bytes)

The file setup.dll has been discovered within the following program.

Microsoft Office Professionnel Plus 2013  by Microsoft Corporation
2% remove it
 
Powered by Should I Remove It?

The file setup.dll has been seen being distributed by the following 25 URLs.

https://drive.google.com/uc?id=0B1wdts_LD5kPQW9yT0xQcGd4MVk&export=download

https://doc-04-2c-docs.googleusercontent.com/docs/securesc/hpbr7mb0be7ekdgiherisogqfb95od8m/g7n8sngo4994bhdr9dusp1se02u2bjga/1471341600000/09546857595311281174/.../0B7A2mU2N_Zg7YjRya1NPWXVfTFE?e=download

ftp://ftp.ptcl.net.pk/Helpdesk-Software/Office 2013/.../setup.dll

https://onedrive.live.com/download.aspx?cid=DC95528CB842BBB4&resid=DC95528CB842BBB4!22127&canary=gWSnjVjfeXmrpgvU8buov1h0iBPW23spyHKdHxDuuNU=7&ithint=.dll

https://dl-web.dropbox.com/get/office/.../setup.dll?_subject_uid=38519145&w=AACG_t6ieRW__0wRofIu3rIo6w0DO1bKzQMtXRuCnEI0OA&dl=1&_download_id=7295207965169226434694787584150751526788832861335011456656241136&_notify_domain=www.dropbox.com

https://doc-0s-7g-docs.googleusercontent.com/docs/securesc/lhqng165tpqc8i513ifeslt3r8pt38k1/tsamthsgp3g7ocrlt6af6p8bc316cfq3/1471212000000/04496183364288435106/.../0B0BvH_bONHRRZUlfRXRfcHc2a00?h=11621357047821417406&e=download

https://mega.nz/temporary/.../f8Y1QLpT

https://doc-14-4c-docs.googleusercontent.com/docs/securesc/uflvr201vnuough854nhsu1s3oji6f9u/bquidbusq3jfsmsaaa8246jo7fd2jpj8/1480953600000/05335219783966937406/.../0B6nOt09eZprXeHhCQ2hvaFl2Tmc?e=download

https://doc-04-0g-docs.googleusercontent.com/docs/securesc/3udv97l268is62fjpcp4as49ovbli9ak/68ljf31leuirl98sg9upllk8ejvartpv/1477800000000/03244330997088356497/.../0B720i29KLUySZXBsN05JcXA5eG8?e=download

http://s8337.chomikuj.pl/File.aspx?e=UaDvn4FoQL4_MHC8Pa7wt9Aif4Ad1YGx6iWee2LnmojuVZYeTDM3kCat8hll8lY_onNmtdvnjEbRGK-oR5NqSlqrcyH6K5BC3X56uJopdkdYuuIrKflFtFEG_BRBVCe6u7xGwu3oigFHyvldMJodow&pv=2

https://doc-10-0c-docs.googleusercontent.com/docs/securesc/4s1fto1a40hq0i3i9vsg8c3l41lieho6/kq79lc5jtppvi6c9ulj7gtns6vi5tbd8/1469966400000/13130229247068772785/.../0B7LdnlnvVpReNGl6WWtwQ2VIYUk?e=download

about:internet

https://drive.google.com/uc?id=0BxCdhbVowGz7WGl6elJNU1hmU1k&export=download

https://onedrive.live.com/download.aspx?cid=F601B0E11885BCF4&authKey=!AAlYZCqoRO8gPcQ&resid=F601B0E11885BCF4!1305&ithint=.dll

https://www.dropbox.com/sh/qtk8s7hi7gobc7b/AABop6rVzb58BwFHV1QpL2SQa/Microsoft Office 2013 Professional Images/.../setup.dll?dl=1

ftp://192.168.12.33/MS Office/.../setup.dll

https://mail.google.com/mail/u/.../?ui=2&ik=359361c8d2&view=att&th=152c6445b68bcf14&attid=0.3&disp=safe&realattid=f_ikfg7eo72&zw

ftp://hpc.dvrcam.net/Office/Office 2013/.../setup.dll

https://onedrive.live.com/download.aspx?cid=0863367C88EC3200&resid=863367C88EC3200!167&canary=FBaYm6S6B1AZ3fwIfFEWE9aRTrIbSwvrDo UC715SII=9

https://drive.google.com/a/.../uc?id=0B-BBsqebRSjwa2gyUzRja204Slk&export=download

https://dl-web.dropbox.com/get/Public/.../setup.dll?w=AAAyKOUmwQXVoXOK8oWW3a-0zw2gZgeysKG30tSMWTnfzQ&dl=1&_subject_uid=88455034

https://doc-10-2o-docs.googleusercontent.com/docs/securesc/rb39i50k6lv190ovc0e5g8vom64pinrl/0f1j2r165q1hmmjudmck0u0ujifj3gr0/1391436000000/05299113251437137159/.../0B06_3DclvuZvcm1HSzBUWm83Mk0?e=download&h=16653014193614665626&nonce=om5ja9thivnko&user=15597417786073045118&hash=m8jajcj7l9o38l2hr2oe13c1qen29pm7

https://docs.google.com/nonceSigner?nonce=om5ja9thivnko&continue=https://doc-10-2o-docs.googleusercontent.com/docs/securesc/rb39i50k6lv190ovc0e5g8vom64pinrl/0f1j2r165q1hmmjudmck0u0ujifj3gr0/1391436000000/05299113251437137159/.../0B06_3DclvuZvcm1HSzBUWm83Mk0?e=download&h=16653014193614665626&hash=d3296jf6ms1hqeojldj0bhkpjuj6npp2

https://doc-10-2o-docs.googleusercontent.com/docs/securesc/rb39i50k6lv190ovc0e5g8vom64pinrl/0f1j2r165q1hmmjudmck0u0ujifj3gr0/1391436000000/05299113251437137159/.../0B06_3DclvuZvcm1HSzBUWm83Mk0?h=16653014193614665626&e=download

https://drive.google.com/uc?id=0B06_3DclvuZvcm1HSzBUWm83Mk0&export=download

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.