» setup.exe
Overview
Analysis
File Details
Behaviors (1)
Downloads (3)

setup.exe

Locaweb Softphone

InWise Internet Company do Brasil S.A.

This is a self-extracting archive and installer. This is the uninstaller utility registered in the Windows Control Panel for the program Locaweb Softphone by Locaweb iDC Ltda. The file has been seen being downloaded from files.slack.com and multiple other hosts.

File name:

setup.exe

Publisher:

Locaweb iDC Ltda (signed by InWise Internet Company do Brasil S.A.)

Product:

Locaweb Softphone

Version:

4.6.0000.0000 pt-BR RELEASE

MD5:

8b36857961acc80a26e06773dc384c7d

SHA-1:

38dc0f76e5877cbb3a1a7e7fdce8b89b002a5321

SHA-256:

6251fcdba183e5151c14b4eb1f46769adc76d59a388a2f0a52591b012661d3ac

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/15/2024 11:27:36 AM UTC (today)

File size:

7.4 MB (7,811,768 bytes)

Product version:

4.6.0000.0000 pt-BR RELEASE

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\ProgramData\application data\appdata\application data\appdata\application data\appdata\application data\appdata\locaweb\locaweb softphone\setup\.iap{0070.0000.00e8.0004}.4.6.0000.0000\setup.exe

Digital Signature

Signed by:

InWise Internet Company do Brasil S.A.

Authority:

TrustSign Certificadora Digital

Valid from:

6/30/2013 9:00:00 PM

Valid to:

7/1/2014 8:59:59 PM

Subject:

CN=InWise Internet Company do Brasil S.A., O=InWise Internet Company do Brasil S.A., STREET="Av Tancredo Neves, 1283", L=Salvador, S=Bahia, PostalCode=41820021, C=BR

Issuer:

CN=TrustSign BR Certification Authority (Code Signing), OU=Security Dept., O=TrustSign Certificadora Digital, C=BR

Serial number:

00DC903522D192DFF02B2600461098B7AC

File PE Metadata

Compilation timestamp:

11/13/2013 4:30:55 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

196608:f92wzcVucoq8Nyo1qE/Lc4d0DylIdewGBDsZWWIEDVsuUBwVoKusb:ljAV9+yo1VA4d02lIYacWIo8wmS

Entry address:

0xBCB890

Entry point:

60, BE, 00, B0, 86, 00, 8D, BE, 00, 60, B9, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Packer / compiler:

UPX 2.90LZMA

Code size:

7.4 MB (7,737,344 bytes)

Program Uninstaller

Program name:

Locaweb Softphone

Display publisher:

Locaweb iDC Ltda

Display version:

4.6.0000.0000

Uninstall string:

C:\PROGRA~2\Locaweb\Locaweb Softphone\Setup\.IAP{0070.0000.00E8.0004}.4.6.0000.0000\Setup.exe /uninstall=true

The file setup.exe has been seen being distributed by the following 3 URLs.

https://files.slack.com/files-pri/T0C651RR9-F3V5TD73K/.../setup_softphone.exe

http://enovaodonto.com/.../setup.exe

http://admin.locapabx.com.br/.../Setup.exe

Scan setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.