setup.exe

Level Up Interactive SA

The application setup.exe by Level Up Interactive SA has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from vastfolder.com and multiple other hosts. While running, it connects to the Internet address 187-072-154-097.static.ctbctelecom.com.br on port 80 using the HTTP protocol.
Publisher:
Level Up Interactive SA  (signed and verified)

Description:
Setup

Version:
11.0.60315.1 built by: Q11REL

MD5:
0472bd275d65b95c2efa92da7573ec21

SHA-1:
3953552229678710f3e192baf49b6fb7b7b5189d

SHA-256:
bdfc958a95a9a45f2d659c58e429ab21573ee5c50b7f2b04ba02c06d404c8a7f

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 7:03:16 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallX.Bundle
16.3.1.10

Trend Micro House Call
TROJ_GEN.F47V0824
7.2.353

File size:
490.3 KB (502,104 bytes)

Product version:
11.0.60315.1

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Authority:
Thawte, Inc.

Valid from:
8/1/2013 9:00:00 PM

Valid to:
8/2/2015 8:59:59 PM

Subject:
CN=Level Up Interactive SA, OU=TI, O=Level Up Interactive SA, L=Sao Paulo, S=Sao Paulo, C=BR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
39430F30906CCE377292B7705EF22CA6

File PE Metadata
Compilation timestamp:
3/15/2013 12:35:20 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:yDYWR5J+Wnp8JZt1u3s+++yPmhbyonmqZ2TLdwMpvXVQF4WaofPpAu:yDtPJKQ7v5yamCmwjxq

Entry address:
0x2FAA8

Entry point:
E8, 5A, 65, 00, 00, E9, 7F, FE, FF, FF, E9, DB, 31, 00, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 8A, 32, 00, 00, C7, 06, 84, 65, 40, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 84, 65, 40, 00, E9, 95, 32, 00, 00, 55, 8B, EC, 83, EC, 10, EB, 0D, FF, 75, 08, E8, AA, 6C, 00, 00, 59, 85, C0, 74, 0F, FF, 75, 08, E8, 0B, 6C, 00, 00, 59, 85, C0, 74, E6, C9, C3, 6A, 01, 8D, 45, FC, 50, 8D, 4D, F0, C7, 45, FC, 8C, 65, 40, 00, E8, 1E, 32, 00, 00, 68, BC, 0B, 45, 00, 8D, 45, F0, 50, C7, 45, F0, 84, 65, 40, 00, E8, 2A...
 
[+]

Code size:
322.5 KB (330,240 bytes)

The file setup.exe has been seen being distributed by the following 50 URLs.

http://vastfolder.com/n/3.2.10/.../Setup.exe

http://www.moozybox.com/download.php?a=45&tid=4001

http://files.getsoftfree.com/get/click/.../?sid=D39B7CC5-0C01-4080-8F9E-D95E2A3F4150-1776&filename=setup

q=http://goo.gl/tp8nKm&redir_token=O9W2-ySu3eG-tfsb6aT_bYXHskt8MTQxODUwMjc1MEAxNDE4NDE2MzUw

http://www.anyprotect.com/dl.php?sct=NONC&data=null&anyprotect_id=1&r=ap_web1_nc&pr=s&prm=dXJsPXt7aHR0cDovL2QzODltNGw1YjV3bGNiLmNsb3VkZnJvbnQubmV0L2FwbHBtb3YuaHRtbD9jaD1hcF93ZWIxJmF1dG89MSZzc3BkYXRhPW55bTFDUEt3c29MQTZkZm5IaEFDR1BLVHpZT3FzOGlrTWlJT01UZzVMakV5TUM0eU1UUXVOVFVvQVREbzJNMllCUS4ufX0=

http://cdn.downloaddabs.com/.../setup.exe

http://cdn.us.brick-force.com/.../Setup.exe

http://www.javaupgraded.com/installer.php?cch=cd&dc=15

http://ttb.updatevideos.com/download/request/.../sNgQrLSD?ClickID=107--486--acc3b2fe3c&PubID=${VURLID}

http://ttb.lpmxp2142.com/download/request/.../xb9onqTr?__tc=1409601052.187&lpsl=a0fa378fb2648d7ccd6a0c4bbef247f4&expire=1409687453&tgu_src_lp_domain=www.dwldupdateultimate.com&ClickID=31739653041409601052&PubID=157824&fileName=Setup

http://getfplayer.com/get.php?c=ZnJvbT1nYXljbm4uY29tO2xmcm9tPWdheWNubi5jb207aWRjaGVjaz0xMzk2NTgxNDA5O3ZzPWdheWNubi5jb218O2luZGV4X3BhZ2U9MTtyb3RfaW49MTtIc3RDZmEyMDM4ODgwPTEzOTY1ODE0MDkwNTE7SHN0Q2xhMjAzODg4MD0xMzk2NTgxNDA5MDUxO0hzdENtdTIwMzg4ODA9MTM5NjU4MTQwOTA1MTtIc3RQbjIwMzg4ODA9MTtIc3RQdDIwMzg4ODA9MTtIc3RDbnYyMDM4ODgwPTE7SHN0Q25zMjAzODg4MD0xO2NfcmVmXzIwMzg4ODA9aHR0cDovL3d3dy5nYXljbm4uY29tLzs=&id=2&exv=

http://ttb.mplayerfree.com/download/request/.../tukoukBG?__tc=1426977442.458&lpsl=d47128e41ce054932cba8bf4daa77d9a&expire=1427063782&slp=www.bstsoftfile.com&ClickID=550df260427d49e2628b456f&fileName=Setup

http://www.anyprotect.com/dl.php?sct=NONC&data=null&anyprotect_id=1&r=ap_mtm1_nc&pr=s&prm=dXJsPXt7aHR0cDovL2QzODltNGw1YjV3bGNiLmNsb3VkZnJvbnQubmV0L2FwbHBtb3YuaHRtbD9jaD1hcF9tdG0xJmF1dG89MSZzdWIxPTEwNTg2MSZzdWIyPTE3NjY4MSZzdWIzPTIwd01GMjQucllJYkl6aGYzZmZYWkQxd0VnT1kwMDAuJmNlX2NpZD0yMHdNRjI0LnJZSWJJemhmM2ZmWFpEMXdFZ09ZMDAwLn19

http://ttb.qbw6urh5.com/download/request/.../epaieqdj?__tc=1418822863.454&lpsl=0089b15b019d4c32bc3142ebef569ef7&expire=1418909128&PubID=79_3811_3027&slp=www.fivsoften.com&ClickID=8701634460&fileName=Setup

http://secure.11-pn-installer.com/o/.../Setup.exe

http://ec2-54-221-171-112.compute-1.amazonaws.com/.../dl.php?sct=NONC&data=15ca82db580e63caee17b389484b637a&anyprotect_id=1&r=ap_mtm1_nc&pr=s1&i=adaagghihb&prm=dXJsPXt7aHR0cDovL2QxN3g1aGZudWJ2ZzY2LmNsb3VkZnJvbnQubmV0L3JuX2FwbHBtb3YuaHRtbD9wcng9ZWMyLTU0LTIyMS0xNzEtMTEyLmNvbXB1dGUtMS5hbWF6b25hd3MuY29tJmNpZD0xMjA4MTQxOTU1JnRuZz1nbGV5biZjaD1hcF9tdG0xJnN1YjE9MTA1ODYxJnN1YjI9MTc2NjgxJnN1YjM9MjB5U0FsMS5HcEoybXNVODNxcVBhbzF4eEdiQjAwMC4mY2VfY2lkPTIweVNBbDEuR3BKMm1zVTgzcXFQYW8xeHhHYkIwMDAuJmk9YWRhYWdnaGloYn19

http://www.lpcloudbox308.com/.../Setup.exe

http://get.file2desktop.com/.../Get?p=5492&d=19036&l=6303&n=1&productname=Setup.exe&d1=NUMBER&d2=NUMBER&d3=NUMBER&d4=NUMBER&d5=NUMBER&filename=Setup&clickid=wDFO91VADCHGL6TDGAU981FM

http://www.anyprotect.com/dl.php?sct=NONC&data=null&anyprotect_id=1&r=ap_100_nc&pr=s&prm=dXJsPXt7aHR0cDovL2QzODltNGw1YjV3bGNiLmNsb3VkZnJvbnQubmV0L2FwbHBtb3YuaHRtbD9jaD1hcF8xMDAmYXV0bz0xJmRwPS1fLU1Ea3lNMTgwTkY4eE5EWXlYekUwT0RGZlFsSmZNakF4TGpjNExqRXdNaTQ0TVY4MU1EbGZOemcyTUY5QlJGTS1fLUxxT1B0bWJmc3d0ekF3WkVlc2F1b2FGTWJHZmFfRjhhRHphay1WX19KLWJhZWQxRzB0SDAwT2VuZHphcWdBTU10MGV0YWdiMGFPbmFibmJPYU9kMHVlYlhzT3VFdXBkMHBxOXVocWFMRGV3ZTVZTXd4THdzUm5wZTZxWTF2YXZ4d25KOTh1eVdJZm51WDlRSGNsR3JzajBiYkdqaWplSmF0OVlCTG1hallDcXBXSk96aGs4Q05GXzZmb0NFaXROMEVvVENnbjNWaWtzOGRNWUljWUFOZjdvWmZVb3U2d09RQldSdHpHTjExQ3VsUmJDWmNpQ2pLMy1HZ1FaTS15MUUyLWVVc0pEVEV3RGJmOWpWbmZOekFBeXF3WUd0cVgxb0hBUmFRME44Q2ZuLWpLcVAyRkRzMDFpWG43ek1NVFZhakNjTW1iaUx5TlBLdzJ5UHlNUUhfd3dLcHpwckhYQy1rb0oyTWpZY3BkREJrZVpuem9jQVZVa2h1QkYwUERYZU9aY3lJTVZzZE80d0c4aUhxMDllZC1xUGljYkNnWElNSlpNY1ctNHRXd1RfOEZDeHVLdTRjalNOSDBhZn19

http://ttb.lpmxp625.com/download/request/.../xb9onqTr?__tc=1408215683.606&lpsl=8f46da662d4732b4cee513cf472da05d&expire=1408302084&tgu_src_lp_domain=www.dwnlultimate.com&ClickID=31351810311408215683&PubID=258733&fileName=Setup

http://www.lpmxp28.com/.../Setup.exe

http://ttb.b5o0309.com/download/request/.../XPK1gkLb?__tc=1413331009.358&lpsl=6a8e852784f5b35f262578f098403e72&expire=1413417404&zt=52bb02e76d47cdac3c000001&PubID=52bb02e76d47cdac3c000001&tgu_src_lp_domain=www.newplayerupdate.com&ClickID=&n=MFHD 4P3RT3MC1NT0S1 Dub&fileName=Setup

http://www.fraps.com/setup.exe

http://ttb.lpmxp637.com/download/request/.../xb9onqTr?__tc=1408926501.863&lpsl=27eed8384aa600ea2b549a0e27fa63a5&expire=1409016506&tgu_src_lp_domain=www.dwnlultimate.com&ClickID=30153513961408930105&PubID=258733&fileName=Setup

Latest 30 of 76 download URLs

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 187-072-154-097.static.ctbctelecom.com.br  (187.72.154.97:80)

Remove setup.exe - Powered by Reason Core Security