» setup.dll
Overview
Analysis
File Details
Programs (1)
Downloads (13)

setup.dll

Microsoft Setup Bootstrapper

Microsoft Corporation

This is installed with Microsoft Office Professional Plus 2013 version 2013. The file has been seen being downloaded from doc-08-7o-docs.googleusercontent.com and multiple other hosts.

File name:

setup.dll

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft Setup Bootstrapper

Version:

15.0.4420.1017

MD5:

c4136d75731001a351684c9c368c8753

SHA-1:

c271bf3fdde32716e9bf38f78eb0da2158098bc4

SHA-256:

5a376b548186bb2da03256842e2395eeff69ebd69870239a0b9585001a82ca5f

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

11/17/2024 1:03:28 AM UTC (today)

File size:

810.1 KB (829,576 bytes)

Product version:

15.0.4420.1017

Original file name:

setup.exe

File type:

Dynamic link library (Win32 DLL)

Language:

Language Neutral

Common path:

C:\windows\temp\setup.dll

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

7/26/2012 1:50:41 PM

Valid to:

10/26/2013 1:50:41 PM

Subject:

CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

3300000088590E3C511FE26A67000100000088

File PE Metadata

Compilation timestamp:

9/29/2012 10:40:53 AM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.10

CTPH (ssdeep):

12288:wED33YeI9P4Bugo7azhNNJQOvGwZI7XHgZ7KhJgeaXt09dp:wEDLeP4Bugo7an3Q3wmLHgZuJ8t09T

Entry address:

0x4462E

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 4D, 4D, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 5D, E9, 9C, 32, 00, 00, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 35, 78, 11, 00, 10, 57, FF, 35, 08, 48, 0A, 10, FF, D6, FF, 35, 04, 48, 0A, 10, 8B, D8, 89, 5D, FC, FF, D6, 8B, F0, 3B, F3, 0F, 82, 81, 00, 00, 00, 8B, FE, 2B, FB, 8D, 47, 04, 83, F8, 04, 72, 75, 53, E8, D9, 33, 00, 00, 8B, D8, 8D, 47, 04, 59, 3B, D8, 73, 48, B8, 00, 08, 00, 00, 3B, D8, 73... 
[+]

Entropy:

6.2165

Code size:

409 KB (418,816 bytes)

The file setup.dll has been discovered within the following program.

Microsoft Office Professional Plus 2013 version 2013 by Microsoft Croporation, Inc.

www.microsoft.com

About 4% of users remove it

The file setup.dll has been seen being distributed by the following 13 URLs.

https://doc-08-7o-docs.googleusercontent.com/docs/securesc/sogcm9ogmv4q5ro9pq0nfkmetrk5vgl5/sfbos6duhqspe8m87gf5hargcd79cvfs/1474934400000/17742215984871697443/.../0BxvUCVMefvGeQjM2WVVKRV85ZTA?h=06114832177170270364&e=download

https://doc-0s-bk-docs.googleusercontent.com/docs/securesc/u27nev5gvt2n48tf7q9b6cq8ml04m5om/0jeke9urag33khuuuoqq0j77gogo4kh3/1477785600000/15012312087786474373/.../0B8nvh54sZX-ycF9rOS1qcmFqQjA?e=download

ftp://ftp.ptcl.net.pk/IT PTCL Support/PC softwares (ptcl)/MICROSOFT/.../setup.dll

https://dl-web.dropbox.com/get/microsoft office 2013 32 and 64 bit with activator/.../setup.dll?_subject_uid=478306695&w=AADJkO1DetjqPLJ8wIAX2BrIGWUVld3gF0yesXxA3LOYXg&dl=1

https://doc-00-5s-docs.googleusercontent.com/docs/securesc/eqc15u3i3ldf9p16884p7e6g0cs5tfgt/0hs2figif0e0ekigp18tu9jtunu96jpo/1476878400000/11031044826708904635/.../0B-dCVCRB9GBsNjAxSFFJRjRXNk0?e=download

https://mgdubai.ddns.net:8082/share.cgi/.../&filename=setup.dll&openfolder=normal&ep=

https://doc-14-6c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/cjct1mm5f1q1gno30chh8feddb2tpbo8/1473703200000/10604262956071250124/.../0B6pOhr29sv8eSndTa3gzSWhCRnc?e=download

https://drive.google.com/uc?id=0ByjRb_WxylvacEtWTHZ4SFJ6NUk&export=download

https://drive.google.com/uc?id=0B-cye7qd9kW0b0p6RWlWUzJnM3M&export=download

about:internet

ftp://10.19.10.2/FAJAR KIT/.../setup.dll

https://doc-0s-cc-docs.googleusercontent.com/docs/securesc/jil8b1g7qf0h1im0s8t409profcor23r/9t2fn2319ds6k64o67kd1k76b8rpiupe/1391889600000/14329907120934719596/.../0BwshnOMlODn3VkJtQ0FhcG9OVkU?h=16653014193614665626&e=download

https://drive.google.com/uc?id=0BwshnOMlODn3VkJtQ0FhcG9OVkU&export=download

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.