home

setup.exe

Microsoft Setup Bootstrapper

Microsoft Corporation

This is installed with multiple programs including Microsoft Expression Web and Microsoft Office Home and Student 60 day trial. The file has been seen being downloaded from dl-web.dropbox.com and multiple other hosts.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft Setup Bootstrapper

Version:
12.0.4518.1014

MD5:
95b8a4245a6cd37d36e56fae5a23e2b1

SHA-1:
139e0223e64a2d4f7ae94e347c657bdb86dfd5ff

SHA-256:
e69c4abcc4d2f130e66560fc27829b4fe62a2b1f66933790a3060bd7f4fcd878

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
11/23/2024 6:06:29 AM UTC  (today)

File size:
452.3 KB (463,152 bytes)

Product version:
12.0.4518.1014

Copyright:
© 2006 Microsoft Corporation. All rights reserved.

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\office\setup.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
4/4/2006 3:43:46 PM

Valid to:
10/4/2007 3:53:46 PM

Subject:
CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, OU=Copyright (c) 2000 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
61469ECB000400000065

File PE Metadata
Compilation timestamp:
10/27/2006 5:57:25 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:bWdC+v3cpQvYJvKPSwv2nPEuJ1fHbIop44Sm5FpxyN90vEbsN7:aEpQQJvKPSwvY1fHTHy90w67

Entry address:
0x3967

Entry point:
E8, 05, 00, 00, 00, E9, 99, BB, 00, 00, 55, 8B, EC, 83, EC, 10, A1, 20, 3C, 05, 30, 83, 65, F8, 00, 83, 65, FC, 00, 53, 57, BF, 4E, E6, 40, BB, 3B, C7, BB, 00, 00, FF, FF, 0F, 85, 49, A0, 01, 00, 56, 8D, 45, F8, 50, FF, 15, 48, 11, 00, 30, 8B, 75, FC, 33, 75, F8, FF, 15, 00, 11, 00, 30, 33, F0, FF, 15, 08, 11, 00, 30, 33, F0, FF, 15, 04, 11, 00, 30, 33, F0, 8D, 45, F0, 50, FF, 15, 88, 11, 00, 30, 8B, 45, F4, 33, 45, F0, 33, F0, 3B, F7, 0F, 84, 1A, A0, 01, 00, 85, F3, 0F, 84, 1C, A0, 01, 00, 89, 35, 20, 3C...
 
[+]

Entropy:
6.5857

Code size:
307.5 KB (314,880 bytes)

The file setup.exe has been discovered within the following programs.

Microsoft Expression Web  by Microsoft Corporation
Publisher's description - “The proliferation of rich interactive web applications across the cloud and mobile devices continues to create new opportunities for creative design and development.”
www.microsoft.com/expression
8% remove it
Microsoft Office Home and Student 60 day trial  by Microsoft Corporation
Publisher's description - “Get the latest versions of your familiar Office programs, such as Word, Excel and PowerPoint, and more, all in one convenient subscription. Sign up to try the new Office free for a month. Cancel online at any time.”
office.microsoft.com
9% remove it
 
Powered by Should I Remove It?

The file setup.exe has been seen being distributed by the following 50 URLs.

https://dl-web.dropbox.com/get/microsoft office help/.../setup.exe

https://doc-08-3o-docs.googleusercontent.com/docs/securesc/kvr8g9p2i4k3funha82d361hl0qbh7k9/0rjuv8gtsqqajmf73uls7b8jub25pgik/1482494400000/15029793170307844904/.../0B6exgBMVXziFOUxuT2ZsLU1YUVE?e=download

https://ud.interia.pl/.../getattach,mid,113768,mpid,13,uid,c503523db95775e1?f=setup.exe

https://doc-0c-9s-docs.googleusercontent.com/docs/securesc/a6jq0j0jks405fskirgueiq76di1i1uo/vgjej3uco3c99b8nt73i5m0a90b35gbs/1482868800000/.../09005448474235258663/0BxgT9wekF3TbZzF6NmZaeVV1MXM?e=download

https://doc-0s-8k-docs.googleusercontent.com/docs/securesc/fv90l116q26i7ibe14vduhu15eee77ga/uupc77t7brn07djnbt0a3askahjrdte7/1480262400000/.../08858180628624383507/0B3pQ1B-8t1eqc3BCdjhTaXdGeDg?e=download

http://www.aacable.net/softwares/SOFTWER/.../Microsoft Office 2007 Enterprise/setup.exe

https://cloclo26.cldmail.ru/CiTiKo6SsHSWE9abzgB/G/8SCR/.../setup.exe

https://doc-14-c0-docs.googleusercontent.com/docs/securesc/sl1ildhhcklp5dr2uilihv68dfg92ra7/kps9v2i7floumdbr9abv5vjvo6804qvi/1476122400000/.../00114783277196135108/0BzX7l_XBKKTaVDVZX1lIZDZVM28?e=download

https://doc-0k-ak-docs.googleusercontent.com/docs/securesc/ufv1n94hj3e4i1vg2q7scgvktpdstm7g/rifm29s43qkcndu9mgp7midp7halq61u/1476979200000/07818696396086687464/.../0B5qJngwvWLyFOHJ4V011OWxqOTA?e=download

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-pPloOCCIIB6ZlaZvl-8AYsk7d5oim6tjVLnvVcvgjeD-2ZtlT9A_pt3lDMkvO-73/messages/@.id==AD8NiWIAACG9V7Vh0gzZEJAClC8/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=4f465c23-67a2-bbef-01de-87009e010000&token=-Rv2JtK6VL507sVNo0ocBaExdluMB9pZhOFmduiWgofMuk9hY9ajqUuZpfGkRpRUpXSQPIt7834jXjyRXCwNNg&error=https://mg.mail.yahoo.com/.../iframemsg?id=8c2bc12a-5002-7ba4-849c-234c9b73d394

http://calpoly.remoteproctor.com/.../GetSoftware.aspx?type=pc

ftp://172.24.1.22/downloads/.../setup.exe

http://172.16.1.8:31337/SOFT/MS OFFICE/.../setup.exe

https://doc-0k-1o-docs.googleusercontent.com/docs/securesc/n12lo54rcgr6ci0e8g8mso43bd0rh41i/vgno5gtvv1dr8t32o082d2cd9rc42naf/1474560000000/.../17413451981407926551/0B74A8NSGGZYmMDI0ZW5SbXR3dHc?e=download

https://doc-0c-as-docs.googleusercontent.com/docs/securesc/oesftfh9hq6u47pacfimdtapo3krfqhv/1b7ckku6iem2cj49lds62jvjpmk6d7ea/1480348800000/07312819507940853757/.../0B6BUufQ-1DgMYmNtWnVzaFNkWXM?e=download

https://doc-08-7c-docs.googleusercontent.com/docs/securesc/pofrlku8ek156fnf6mts47cgsahtdu1u/7kbtfg0vvg80kflblfp0qpbk66hspia6/1481169600000/.../17786000661642750335/0B39c2O8anglrVUVFYnhuWXlubEU?e=download

https://doc-10-00-docs.googleusercontent.com/docs/securesc/g4k9a5i2lh365t4qme64fn329lc1vj90/7m2scadna5t9ggl6fe223hfi75di704k/1478282400000/16292689182792346691/.../0B9SlBMx2HrNXR1FMa1ZYMUZjVG8?e=download

http://2.track342ut.com/d/.../MjAzNnwzNTU5fFBMfDN8MXx8|68f669b839fae1b4f237c2ab7826140a|c2e492a0-c016-11e3-b038-0025b320a860

temp:setup (1).exe

https://cdn.discordapp.com/attachments/215454202443333632/.../SETUP.EXE

https://doc-0k-34-docs.googleusercontent.com/docs/securesc/025obegb6ugh5npcaf7r365f5n8dsp36/3vp2v8j2l896k8du4agh57b3rsgh68lr/1473804000000/05044849988888449215/.../0Bzk5X3tfBougdDNaT1ZyT3cxRTg?e=download

https://drive.google.com/uc?id=0B2qrtNgv1tk2cGtfWEtiem9lcW8&export=download

https://doc-0k-1c-docs.googleusercontent.com/docs/securesc/kfoq55pi76ndb25e63h2jiptid4v0h90/cl4e8alj57bgkt8vhp0h4alh98jq8b1p/1446998400000/.../13969108791388338522/0ByB5bd7eP2OPd20tSjJaYWdpSTg?e=download

http://www.securepctuneup.com/getip_build_lp.asp?utm_source=1074&utm_campaign=1074&sub_id=NDcjMjQ1IzMxIzE3MHwzMTgyfE1OfDN8MXx8fHx8&utm_pubid=40&tag=170&ad_id=3182

https://doc-10-bo-docs.googleusercontent.com/docs/securesc/58lc0e8a4bfq6au6duo4s2mn73jbf5cq/bnfovactha6u6c3at71f7tttc3rqet9m/1476021600000/02983353995135998462/.../0B3XHQZ8cHD4PZnlwWXZ2aVJNNkE?e=download

http://www.ospeedy.com/.../download_driver.php

https://mail.google.com/mail/u/.../?ui=2&ik=07cee919eb&view=att&th=15857ba2db041b8e&attid=0.6&disp=safe&realattid=f_iveyzzl95&zw

https://dl-web.dropbox.com/get/microsoft office 2007/.../setup.exe

https://doc-0s-54-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/2qknj1eq5ma39p65s7pu8n3ftn78i78a/1476986400000/15932913608444991747/.../0BxvlRgMPXXq9MkFzSnBTaENLeUU?e=download

https://dl-web.dropbox.com/get/.../setup.exe

Latest 30 of 163 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.