setup.exe

Amigo Installer

Mail.Ru LLC

The application setup.exe by Mail.Ru has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. While running, it connects to the Internet address amigo.mail.ru on port 80 using the HTTP protocol.
Publisher:
Mail.Ru  (signed by Mail.Ru LLC)

Product:
Amigo Installer

Version:
54.0.2840.189

MD5:
6108667b01634e009c68de0c64e55501

SHA-1:
1828198a4f7c6854a670e15604a9827642c26c69

SHA-256:
4c8cff244f4a1a2317751d92c3da69158a9fcc289e7ca3dafceacf6d94e06a8e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/28/2024 12:31:35 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amigo (L)

Engine version:
16.12.8.11

File size:
1.3 MB (1,332,952 bytes)

Product version:
54.0.2840.189

Copyright:
Copyright 2016 The Chromium Authors. All rights reserved.

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/6/2015 3:00:00 AM

Valid to:
8/6/2017 2:59:59 AM

Subject:
CN=Mail.Ru LLC, O=Mail.Ru LLC, L=Moscow, S=Moscow, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
46946F32338A79AED5D30FEACE24618C

File PE Metadata
Compilation timestamp:
12/7/2016 2:35:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0xB2A3A

Entry point:
E8, 8C, 0A, 00, 00, E9, 8E, FE, FF, FF, 55, 8B, EC, 6A, FF, 68, 4E, 62, 4E, 00, 64, A1, 00, 00, 00, 00, 50, 51, 53, 56, 57, A1, 54, D2, 50, 00, 33, C5, 50, 8D, 45, F4, 64, A3, 00, 00, 00, 00, 89, 65, F0, FF, 75, 08, 83, 65, FC, 00, E8, 5A, F6, FF, FF, 59, EB, 08, B8, 82, 2A, 4B, 00, C3, 33, C0, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5E, 5B, 8B, E5, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 80, F9, 40, 73, 15, 80, F9, 20, 73, 06, 0F, AD, D0, D3, EA, C3, 8B, C2, 33, D2, 80, E1, 1F, D3, E8, C3...
 

Code size:
917 KB (939,008 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to amigo.mail.ru  (217.69.139.252:80)
