» setup.exe
Overview
Analysis
File Details
Programs (1)
Downloads (78)

setup.exe

Picasa Updater

Google Inc

This is a setup and installation application. This is installed with Picasa 3. The file has been seen being downloaded from www.capitalvaultsbits.com and multiple other hosts.

File name:

setup.exe

Publisher:

Google Inc. (signed by Google Inc)

Product:

Picasa Updater

Description:

Picasa

Version:

3.9.137.1180

MD5:

2524f4ed491e75d21be38c025125e7ee

SHA-1:

39222208d94d89a0f5a4c8f73b13654db6fea59f

SHA-256:

b54d7bee47c74efe4ef902325fe0e72b0616ac1de038f2f4ef46b75da4d82f96

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

11/23/2024 2:54:04 AM UTC (today)

File size:

16.7 MB (17,529,160 bytes)

Product version:

3.9.0

Original file name:

Picasa Updater

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\google\picasa2\update\lifescapeupdater\setup.exe

Digital Signature

Signed by:

Google Inc

Authority:

VeriSign, Inc.

Valid from:

1/28/2014 4:00:00 PM

Valid to:

1/29/2016 3:59:59 PM

Subject:

CN=Google Inc, OU=Digital ID Class 3 - Java Object Signing, OU=Digital ID Class 3 - Java Object Signing, O=Google Inc, L=Mountain View, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

2912C70C9A2B8A3EF6F6074662D68B8D

File PE Metadata

Compilation timestamp:

3/11/2014 12:51:12 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

393216:4JyRFb96cPDYoE4hfZlJjibzHap9qWES47b42/xP9ij:4EbZPDbE4Rf8bzdWT4n4Yfij

Entry address:

0x69A7

Entry point:

E8, 2B, 4B, 00, 00, E9, 16, FE, FF, FF, 8B, 44, 24, 04, 33, C9, 3B, 04, CD, 70, 80, 41, 00, 74, 12, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0C, 6A, 0D, 58, C3, 8B, 04, CD, 74, 80, 41, 00, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, C3, E8, 4E, 21, 00, 00, 85, C0, 75, 06, B8, D8, 81, 41, 00, C3, 83, C0, 08, C3, E8, 3B, 21, 00, 00, 85, C0, 75, 06, B8, DC, 81, 41, 00, C3, 83, C0, 0C, C3, 56, E8, E7, FF, FF, FF, 8B, 4C, 24, 08, 51, 89, 08, E8, 8D, FF, FF, FF, 59, 8B, F0... 
[+]

Entropy:

7.9954 (probably packed)

Code size:

72 KB (73,728 bytes)

The file setup.exe has been discovered within the following program.

Picasa 3 by Google Inc

Picasa is an image organizer and image viewer for organizing and editing digital photos, plus an integrated photo-sharing website. Picasa is 3 supports Windows XP, Windows Vista and Windows 7, and has Google+ integration for users of that service. Version 3.

www.picasa.com

6% remove it

The file setup.exe has been seen being distributed by the following 50 URLs.

http://www.capitalvaultsbits.com/f6cbl6HrRFmcJwxOYFeoNa21f3fWKSWpFaRLJnoQoipEbzRQtsrNIB M6prH cUQaf6sZt5WC4NhkQFruQI KdzJTtVIFGPaM9sZU2FtMe9X64CjeN62qj5vB4dVm9RgqbKYXtWBaMSS64T1yh6YXkVlAcplyuELaSg1Ivz_5jBt0v91fJQCOqzroGjvaxdAKUkr3YO3sFaWfO325DAe8OcFp VdpQ==-GyoAAAR0Y7H5YEznRZMDYWPsXv8W6oygxjgPlBsrvzB25bQR9zvHMQA=

http://www.capitalvaultsbits.com/lWPGhk8lXkE_E3F8Ms1 VMaTdGvd rzoFOOa5Eq_mqnok2ZLmsxdp1_NY NdmTrofXqZEmecBkm56v0HzgB8rKSCwvf9kU11WISiy4pVgRKAy1NsF78y2f3cb6rKMEDA8wCX1IyP0Q1LZ9kVTGjWEhoyqYfhgZ67Ll7RmXTaqshAPn Qbz3a1ca6BQE337_oSzmd Wu5bJsGJkgtD9c3glml6expzg==-GyoAAAR0Y7H5YEznRZMDYWPsXv8W6oygxjgPlBsrvzB25bQR9zvHMQA=

http://www.capitalvaultsbits.com/c2wtWXNXDM5rOXZe_GMV725bTFhKSPcncenlo8 zGytou8puL2w Lj073aTiIK5x43nAuZcXWJiKx17qZO27cjW4VUjk8 Q OxM0iURlnGY u4mNsm5ZjOfCil3yyayqG UzTq55QNOwtUTp6506_XBQaoApAWCzd1h7lWfaBKtz 8aWdcVXtVsUV3ihBrPzsHDuRSgfBG6ClRNrb1GnWVtewkYP1w==-Ow==

http://www.capitalvaultsbits.com/OnIvZehxMb1 hxP2dC2e_rJEL3OJvdv1jZa9t6g_pvwZH5d7PPUENHomvS4NPxi5DEsQOyB24nFHf7dWiU148zph3MpkekMb3ASa_P4fK UsnZT8htWmIu71uiX38Ve0Y5CgXF8c5zC07pkyUoX0WDuNzzhadbNiKRk2HPgZC1AcSlvt2gyF_9ecppoQnB_kzZl7P7aPJ_NTmuxxflMkLRUJlcV8WA==-GzcAAATcZLFBIVY2bZ CQw7Yv5W0JRBg4Dh8vhlF6Y0p3zKoJBTK673ZBdfQxAA=

http://www.flashlaboratoryapp.com/c?x= c4oUy6lX0C3lU6XYi7CR/OQ6QG3TwejszeB2GYGDRQ=&c=fYvdD/Yy3Oh6z7mcojyEIZcNkmfWknuf/Luc/zplBQ mnIzI4yXbeyzDn72gCax5bYFYkPna9mUjWnbqp2/BMCy5lObmHyLVKSqvNxNTs61d4UPETE2BDxEVgfO/.../rWgwICjF5Woln6cFoyrPog7rj j1qwHP58=&e=0&downloadAs=Picasa.exe

http://www.capitalvaultsbits.com/eqSRHZ_HJUrV4OPSTOefbF6OCAg7bA_jOz7PJRcu2uhfsmjw6xpP3jmSg2ynuiM9tAY0DQX0yQ729KMKVKf19gzr8IkvqPl_HwqPrp783HMiVN4Y4W9IKvsI 8vn8_zxg 1VLa D7uZhssD5GG ZFQ4_6Yv1rQiOM90hWNOTm7O06mfbeeWlNtiKr7D1z8O17ABABgQ6ATGw55hj G0e6sys3PQitA==-GzcAAATcZLFBIVY2bZ CQw7Yv5W0JRBg4Dh8vhlF6Y0p3zKoJBTK673ZBdfQxAA=

http://www.flashlaboratoryapp.com/c?x=pBuQIx2HmLd3vs4XUVUQcDZQRK86YFDxfy 9IQyrfP4=&c=dwbd6VA1TmbvnqrEAwK6Em3DhliR O1QIqMv3OX35fmnp0zrY7yVid6PrNYV4r 9vfSWz5H/6WMdQqku1PDpqjC9rmj7mOn0Pw5IL99pP6gWoy0InKgArHhy7P7PCdoawHDSV0vl2k4XLEXzBmPn2SJdQdr9t6uzOkxBg t1aC8O 0dBOXkg4W1O9MeMfFo &e=0&downloadAs=Picasa Setup.exe&fallback_url=http://www.downloadfree4.com/.../download.php

http://www.capitalvaultsbits.com/bLtZSQcyNSGkaSpQFKsxZ_pH8o7UKqgkuZ79WJQmxGUq7w9mVRVdlXcPCuslqMuUQpPEKHnzvD1ZMzgFdMUuQIc a6tq6pG1aGqST4ABas749sm0eUmmgUyaUuS_L7nsf9GQKfRD2Tr3R0MrFskjGJjoxXdcy3qoR5P4iJagoE5XxJbph6EcMxL1XWFPh uN012bV1nG_TqaR7isKn8Kz7 73JslKg==-Ow==

http://www.capitalvaultsbits.com/baPJ4_Wd7DA5kVkJRk1TI738TyfjDFYMBxe0ht1MlrYexOK_38 KDP1SuTvwEKZktW6anbvQeiXFEwCQXaCZkS9cGRHAwVbUPpbBo8YkcsADAN v09Jt2czOGsnewOE3hhGdOo8dGRhYJBwJBg0yVKqweEcxlCswOQ7nVCqtrPm6edm1SM8qHsgYwAI_mj8onuH0Z f7rpePGMaK7aDYkSsItzGUzg==-GyoAAAR0Y7H5YEznRZMDYWPsXv8W6oygxjgPlBsrvzB25bQR9zvHMQA=

http://www.capitalvaultsbits.com/6t9bFxdmTr6 ckbyg_KCqbFOLoGDPZM48_uhZ3j8V18uElLXWnNhLnD1jwj2mmHUNEF2Sk3J0C42Y2ooUl8wRiu5 zBmTAEc7Vu_z5yEiRUikdP3jeTmrsy6_kxpvrt7 ITvtS59uCVVgK6oyb2zQDeNlB7XObZBwy7_pKpg6VCS7UmieCELdBuSCTCqByaYSwVnmw_k9Mejr2L_Dwr4mxGmnTOuOw==-GyoAAAR0Y7H5YEznRZMDYWPsXv8W6oygxjgPlBsrvzB25bQR9zvHMQA=

http://elearning.fit.hcmup.edu.vn/~longld/Tools - using in Teaching Methodology Courses , no sharing for other purposes/.../picasa39-setup.exe

http://www.bytepresentbyte.com/GiYcVOR2uUEcMEZHcfO8OjN8sYRInVBjtjJtO4FHEATP1wUZC1vxsLB_HHt hFXV57o5uzHCFjxH65CwWgQuRyaVcfMBdfgSK_jLlKpXnNqxVWuc9j0_xC86_hy9lYR8 xrZN 49ssqqwteYSj3w2HQrAVv2gImcoA3_5i_0zPxvRvgO7F1fgAVR6Zi0baJ7977NFykj8L3L24yV0SFap rn5JGqHSGeEEVWGWOEt9u2gWZhVYJCT62fDW0QK_TutJMxviRNekb8Lsf2tAS43Sc Tcvmc5M PnQVBR7N_syS5rBrGLZIv5NFJLUs5plyTvK6v2_9s0rr4w81mS5CJeajbRIuB3O2EW1KHLfNWcet5eltj VFCBNBFQFz6wdT0KVqm3vb8KtsUirCRZntF8G35OkkfJO7RXzNjAFR4IxKyO0JZbWWgELSLpEgUP7YwrFgJQK5H4IesiFt75ohrPiFZy7lx3WoZQ5J8pC0Hz3b3cqu aHxZsA9ajoH0jPcacC7Fncw-G2oAAETd1prxhjRM8YgcWfiV651y4NCKSq75he980I2Fh3rBIajNILfxXM7oioWkPO_jozS5fx_1Xd pXAbmbMIhQcsBi3ZoGTsujEEA-e

http://www.capitalvaultsbits.com/YeFFf6BKXYbEOc hq_Dmke0NoZE4ye3UQydYYKGUuitsInD2ln_iy7JpOzgvYrYThm27 9p DqoENKQ_mLvp3K7MJnCcmJmjti2aahLO5wTceDFzaWKpGovAZXiGxvtev9S9a hynJnrvOXbkcpbJO5KZ98Sa37LJMtr9JZcQ4Ja9FeXa6YymUQCukTULQSRzTko1KFz3S25Qsf5wOlcQwpk5ccUHg==-Ow==

http://www.capitalvaultsbits.com/vN0Iy jTXJOouV54poRzJwCJwhzmsDNcmwP9r9x3SUj84Fvsua8HNBGNKeadtTW7nyWjt8kQw7sDUEyirgQr02QVm6v9uF4mijCeOSC4RQ47ANZzwuXdoBRBwoZXDOkOWBHm4ALhCaWd7DcqLCrGWbgDsNOLJjt7tVe6QyNT9a26JxYRylCnhf64x2fNOhf2ZcXOxZXF_F3Sws D zVgipWJNirbDw==-GzcAAATcZLFBIVY2bZ CQw7Yv5W0JRBg4Dh8vhlF6Y0p3zKoJBTK673ZBdfQxAA=

http://www.capitalvaultsbits.com/gvOzBYfxhcByf4WSzQY8 bTqFQWEgLEQ_hrWesJ6WMBmjDvVgAUqbs2EMV03rpWMWVV9NXRT5YIcNRw8tR3WtCwckjhKn44nB9hwXEgMbDDXB1SLmktNyjN5d3VV1lCQopjXaxT7DWkQOst750QOwszCfV2ZxantQ6rQyY92EHTFybfqkBgz6fiA 6322ieDIDmLPyewN6O68WVrxB7hXF4Z6N8i1g==-Ow==

https://doc-0c-04-docs.googleusercontent.com/docs/securesc/emi4it4m0ngjoq1fr3vthfrk2amru693/bv0k7qaup2ig00bmbglfcf77usgig9sg/1471989600000/.../14136979138849612908/0B862nw_xCCQ5ck1NM3lCMFIxdVU?e=download

http://www.bitstagcontent.com/8OxkBk5Mexy18IIRAfT6S2njolenowVKIRLao2PAaHu x2raXude7lzxxHmWggQIlD4nFpRc7ukMXCPsmRj_P4nnEN89ZH2VrxrfBPSct1 7wPKNACwlfhBEZPmqQLwvzS9scrjvX74lZ6kfCty4u8nz Ury4ga6zS7Kd O kwKz3voCbOkD4cxhd3h5_AccU1OXsYIh-GzUAAERPFtPZJ4nhQbNhAxtw4FQgme04bIydqeAo3lhRYI3EjDPoXQO kRjttekF

http://www.capitalvaultsbits.com/zbw87j1uvXozQQHHxhAfuVsD0fVXpz_iehyNFYz7llZo84FmLGL0OfpcYUbUtnWESvOIA8WPdhqAtkdIiuWQGtS3APbmQ_mStRPhOvXOffOgLjANosevQcYqGjG5VeUGe6EcXXhVNs734BGCyoAqNXhF8KkojqE_vWsLfJ6ZwE0AUW5bhgx76DWl8Y3KMrZ3Oamcz7 s_yqYx3tUWMn hhEgqzW4dw==-Ow==

http://www.capitalvaultsbits.com/YO2eaXz5rziADt663uFQUVJ7uluWlHktTxU_FM91JnC5WQHYlZV8R9g8HQaz_PBYF9coVkQn67ZScb1ZBhbNS9qHAcYAPcRFnw8TeObrwJPNX2thg3l2MeGLDGkOo7MZVpXGeqO5z06sTa7a_ToYmcNTrW4xurluueuzBw9PBR2xaBiDrmz8iuXaLJvE6rJVMZ_frn2Irey0_KWV0uWGrsyfzvjGjQ==-GzcAAATcZLFBIVY2bZ CQw7Yv5W0JRBg4Dh8vhlF6Y0p3zKoJBTK673ZBdfQxAA=

http://www.capitalvaultsbits.com/DA6bIXEtkbfXecN4xRtlEZLgMVxwrV8U8LESrk27biz7YIaBciuEjCUlv eT7TaJHnOfW6UDenqqvmg1qF zZF0HcSjth6NoemZSHMlmFmiIvxvKpk2Ij7Uoic3l7a1EFgdgormwBczAggCGfV143Z7gGsP8mNra0CO4UxkvwZw23lWR1yQNaE99_K0ykPOy0I4tRR2Bt0Ao_IPWGj4kkCRB1Dhn9g==-GyoAAAR0Y7H5YEznRZMDYWPsXv8W6oygxjgPlBsrvzB25bQR9zvHMQA=

http://www.capitalvaultsbits.com/bwQNplbBL6O1RpfI15wneEAbVghuW5EWu96gkjuOePYxk4v9Cx38XSv2o9lcUYoMYAfDnOGWoiDRuhZ40bkW0MmCwDGlostQn 1jSgOcJu5X jUwa4JGnAZ0jkiZybdQ3U P0IiRrRemeNuUpqX9gBc9bpWuvdnQbtQr5_6SMO9jTIYq_4MWUJWXzb 22WLmGacSmbESBbTwAtLQstGBNNuW8aonrA==-GyoAAAR0Y7H5YEznRZMDYWPsXv8W6oygxjgPlBsrvzB25bQR9zvHMQA=

http://www.capitalvaultsbits.com/RlsWoeKBH21fEjJ1NDMcuXrpdYkJkF1jEA9 N7mCA7TaezDW4jKmWVUWRRH1SieDzM4WkwDshUViX0y pB6f9_Ypao9h 7z8sbyKeYLKilpflVjK99U6VXVz42eciJTO1GtbC_bJ_ lTIw uAQlrNYFQH06Co8xKTYjyaEUx6h28zbyn26eAkKwPDmUXH03UaBPaEDhy3anGVk0vLJT4QiNzwduz7Q==-GzcAAATcZLFBIVY2bZ CQw7Yv5W0JRBg4Dh8vhlF6Y0p3zKoJBTK673ZBdfQxAA=

http://www.towerscontentapp.com/cAQUA0EL9me2tt9aFFDXqbm8617y_cYU4xbeGJnJku5t5ha yXFIvtJFjU7zZ1YrWXgB_fKq1JF4tJxuh5x7EaFU9vxz6zV6TBwIcc6Mi43xAd 7YrqOSqpVdHbWsEItHgBpk eZh_2TjAKzkuTdJJc6_a85vLW53udT1QNP24sLnDSpDOTtnRKs3tYpUbL9n 2qSub6l8ftbNBRex_Es5BcP6FsAw==-Gy4AAEQ3F5MWk607UDAM3OHgkAOH7yBxFBDW0tZ91hKXaK23wyacZcUbaQc9Oj4A

http://www.capitalvaultsbits.com/P_pqjXSd8dmZSiw6I0UCMS1LPOD1BOO0tHtEgI02PJhc2EX9wf 2mwaY2L61Hp qCV4JjxXO_pkAi2m6Y1I_mBdKD9K5WlR1AKfbB5VdDNTvqVSZwvzyuTlayM1uMy3dTr3l5JLH58OhyNnthtin6bx845P4mQ HgW_K2BV1vfwAMUEqpjdtIMVXMLTEO0ww1RlrjZZ1I0zYxynPs8FwBzL0KARpAA==-Ow==

http://www.capitalvaultsbits.com/WVl6OTRQV2huYVZKSlVuRlFVbmQzV1c5VGFYcEZSR3RuVTNCbmJXUTNUbkIxZUZoU1Qzb3dRVTlYVTA1dGNrVWxNMFFtWXowMlRFWjZPVzVvUTBoT1ZuaHVWazF5VURaSWJqTlZlbVJKUzJKRVNFeDBabFpuSlRKR05EaDFSWFpEVWxsQldGRlBVVkJTV2pkb1ozVmFTM3B0V2s4eFJEUkhRM0UzTjFZMVkxUnROMGQ2VURobVkzWmlNMlJ1Ym1kT1RuQlNSbTUyV25GbmMzRWxNa0pwWVNVeVJraDRkWE5hY1NVeVJtcE5kWGRwV1dwaWNHZEhhbXBLVldodEptUnZkMjVzYjJGa1FYTTlVR2xqWVhOaEsxTmxkSFZ3TG1WNFpRPT0=

http://download.informer.com/.../picasa39-setup.exe

http://www.capitalvaultsbits.com/yzBwC5uWHEC3AWJEuCHmv4nnZQU6vvaJs7LmHMVCdOEMkGbqmTaoI6qwueuyozcqncEgdzkSv64tXr_VG5Vsi0pnakR8BlkuqFYe_4c21JBCGTfmAiYXawPbWegY4YvftarNEWFtOmYesdcmiVlM0768fhIeb9VMsChE_yzIjGaGqhMpEb2k2Pe8I XM0Pu O02MoxkaPPRsNBb2ibMJJHbJqRm70w==-Gy8AAARacoght6Ts9u8xtq6xNnGMp8DG2LmCEb28xgxfr4YAe1JYxP3u5Cg=

http://www.capitalvaultsbits.com/c?x=YeDDUx0a oiR4jsV313vjZhKEBusX7CsyA1WEtw2xq8=&c=1wexND8MfxDY8Zrkr8nzu95yPLcIdIZLzuFKgKGLHgSGJrXIomkuXjNpWWuVCQ ZGu4flsPiZPrwKbK6SdKncrK8BfJ9Kir65DfYcaESp36TCYUE3bkpo27ks9xCorzisIp4S1y4wSpjwxc41yt0uxQZBIpgeQAIt1mUfUraf78=&e=0&downloadAs=Picasa Setup.exe&fallback_url=http://www.downloadfree8.com/ic/.../index.php

http://www.capitalvaultsbits.com/c?x=QPNoM7aWpU8GqpQw80BYrzSoiWrEZ2JEgoc67Kpujag=&c=34BS6VXDAHHG3cKF2Ca9wFCwi38 y0aYrVLGbrtVm8agAr0l1YztQhaneQJ7JqZPgJ5QH7Vf9meEgIBAQGKZ0USu2JrXpDV riX7VQ4iB1kyeP5c8hivehiq2KyO09wKpqchdpZ mjPIZdLNhucvruJ6Yy7TlRZLexyx/YFDPXg=&e=0&downloadAs=Picasa Setup.exe&fallback_url=http://www.downloadfree6.com/landers/.../download.php

http://download.forest.impress.co.jp/pub/library/p/picasa/.../picasa39-setup.exe

Latest 30 of 78 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.