setup.exe

MD5:
283c2ef73d62db779226e2daf863f962

SHA-1:
34ee18abb47df5868f9f7e7e757625c033956814

SHA-256:
9a92eb68051695b49d37e7f5b7f2b247df4ba44e5f534ca2200b551708574e10

Scanner detections:
2 / 68

Status:
Clean (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
11/23/2024 12:20:29 PM UTC  (today)

Scan engine | Detection | Engine version
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3
VIPRE Antivirus | Amonetize | 37226

File size:
412 KB (421,888 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:lWGOcRPGacC/utQKzX6L8ABO/YuVjlv/5yOHrlhnuueNDMEqXJKSDl:nRPD9/OQKDE3fqlJJHrCLD+XQu

Entry address:
0x57B8C

Entry point:
55, 8B, EC, B9, 07, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, 57, B8, 6C, 79, 45, 00, E8, 80, E0, FA, FF, 33, C0, 55, 68, DB, 7D, 45, 00, 64, FF, 30, 64, 89, 20, B2, 01, A1, 40, 38, 42, 00, E8, 56, C0, FC, FF, 8B, D8, B2, 01, A1, F4, 17, 41, 00, E8, 38, B5, FA, FF, 8B, F0, B9, F4, 7D, 45, 00, BA, 20, 7E, 45, 00, 8B, C3, E8, A5, C4, FC, FF, 8B, 53, 30, 8B, C6, 8B, 08, FF, 51, 6C, 8B, C6, 8B, 10, FF, 52, 14, 85, C0, 0F, 8E, F9, 00, 00, 00, 8D, 55, EC, 8B, C6, 8B, 08, FF, 51, 1C, 8B, 55, EC, B8, E0, AD...
 

Entropy:
6.5656

Developed / compiled with:
Microsoft Visual C++

Code size:
348 KB (356,352 bytes)

The file setup.exe has been seen being distributed by the following 4 URLs.

q=http://goo.gl/085KqU&redir_token=uAJL_1ih-kJnz21ExU1TDftUcnB8MTQyMzEwNDIzMUAxNDIzMDE3ODMx

q=http://bit.ly/1CX8884&redir_token=Idt814n0xbXY1uzQqjaRcieJ6pR8MTQyMzA5MDQzMUAxNDIzMDA0MDMx

Scan setup.exe - Powered by Reason Core Security