setup.exe

Microsoft Windows Operating System (original: Операционная система Microsoft Windows)

TOV

Although the file's properties state that it was developed by 'Microsoft Corporation', this is not the case: the file is designed to look like a legitimate Microsoft system file. The application setup.exe, "Executable file for the game "Hearts"" (original: Исполняемый файл для игры "Червы") by TOV, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from moon-heap.ru.
Publisher:
Microsoft Corporation (signed by TOV)

Product:
Microsoft® Windows® Operating System (original: Операционная система Microsoft® Windows®)

Description:
Executable file for the game "Hearts" (original: Исполняемый файл для игры "Червы")

Version:
6.1.7600.16385 (win7_rtm.090713-1255)

MD5:
c5a53cdf613fca3bcff9f3e64c551cce

SHA-1:
125a46134018de5ddd568734e9b32de1ec3aad1a

SHA-256:
ad9ed3ceaced1dee46c4a1f5299807f234c9d4b88c58f8b7ce995e74a7a9595b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/25/2024 6:22:31 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonitize

Engine version:
16.6.12.13

File size:
2.5 MB (2,671,568 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved. (original: © Корпорация Майкрософт. Все права защищены.)

Original file name:
hearts.exe.mui

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/26/2016 3:00:00 AM

Valid to:
2/13/2017 2:59:59 AM

Subject:
CN="TOV ""RENT-IT""", OU=IT, O="TOV ""RENT-IT""", STREET="vul. Knyazhyy Zaton, 16-A", L=Kiev, S=Kiev, PostalCode=02095, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
19ACE3BFB198AF52FB7E58A91770EF4C

File PE Metadata
Compilation timestamp:
5/2/2010 10:37:18 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
12.0

CTPH (ssdeep):
49152:iPWpf609Cb3p0BaVZbqTFiuiXL7+yunSW+PwC:iupf8p0Yzb8IWDD6wC

Entry address:
0x25C120

Entry point:
55, 8B, EC, 81, EC, 38, 07, 00, 00, 8B, 45, 98, 89, 45, B0, C7, 45, 94, 59, 97, FF, FF, 0F, B6, 8D, 71, FF, FF, FF, 85, C9, 0F, 8D, DD, 00, 00, 00, 83, 7D, C4, 00, 72, 1B, C7, 85, DC, FE, FF, FF, 58, 8D, 00, 00, BA, 47, F8, 00, 00, 2B, 55, C0, 66, 89, 95, 84, FE, FF, FF, EB, 21, 0F, B6, 85, 61, FF, FF, FF, 05, F0, AB, 00, 00, C1, F8, 90, 88, 85, 67, FF, FF, FF, 8B, 4D, BC, 81, E9, C1, 49, 00, 00, 89, 4D, 84, 8B, 55, FC, 89, 95, 8C, FC, FF, FF, 8B, 85, 8C, FC, FF, FF, 83, E8, 20, 89, 85, 8C, FC, FF, FF, 81...

Developed / compiled with:
Microsoft Visual C++

Code size:
2.5 MB (2,611,712 bytes)

The file setup.exe has been seen being distributed by the following URL.

Remove setup.exe - Powered by Reason Core Security