setup.exe

The application setup.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. It is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension platform. Although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from cdn.rapidofiles.com and multiple other hosts.
MD5:
09dc0eabc6909136805dc843a8224946

SHA-1:
404ddcf60870cd7d760b24ffd06e955f838c43ba

SHA-256:
e4a0b6f01dc40056fa002fd396ebe0c32737f5971a4276e0094352e0a9de3e05

Scanner detections:
22 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
12/5/2024 1:27:34 AM UTC

Scan engine             Detection                               Engine version
Lavasoft Ad-Aware       Gen:Trojan.Heur.TP.miZ@bKoUibj          696
AhnLab V3 Security      PUP/Win32.CrossRider                    2015.03.10
Avira AntiVirus         TR/Dropper.Gen                          7.11.215.110
avast!                  Win32:Dropper-OHA [PUP]                 2014.9-150310
Baidu Antivirus         Trojan.Win32.Dropper                    4.0.3.15310
Bitdefender             Gen:Trojan.Heur.TP.miZ@bKoUibj          1.0.20.345
Comodo Security         TrojWare.Win32.TrojanDropper.Addrop.A   21349
Dr.Web                  Trojan.Crossrider1.18052                9.0.1.069
Emsisoft Anti-Malware   Gen:Trojan.Heur.TP.miZ@bKoUibj          8.15.03.10.03
ESET NOD32              Win32/TrojanDropper.Addrop (variant)    9.11292
Fortinet FortiGate      W32/Agent.PEOK!tr                       3/10/2015
F-Secure                Gen:Trojan.Heur.TP.miZ@bKoUibj          11.2015-10-03_3
G Data                  Gen:Trojan.Heur.TP.miZ@bKoUibj          15.3.25
K7 AntiVirus            Trojan                                  13.200.15204
Kaspersky               Trojan-Dropper.Win32.Agent              14.0.0.2367
MicroWorld eScan        Gen:Trojan.Heur.TP.miZ@bKoUibj          16.0.0.207
Panda Antivirus         Generic Suspicious                      15.03.10.03
Qihoo 360 Security      HEUR/QVM20.1.Malware.Gen                1.0.0.1015
Reason Heuristics       Threat.Win.Reputation.IMP               15.3.10.15
Vba32 AntiVirus         TrojanDropper.Agent                     3.12.26.3
VIPRE Antivirus         Trojan.Win32.Generic                    38260
ViRobot                 Trojan.Win32.Agent.207280[h]            2014.3.20.0

File size:
195.5 KB (200,192 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

File PE Metadata
Compilation timestamp:
2/1/2015 10:46:10 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:IhObCUwmJCFF3/uOTpenz8Wr7YFvtFfWgP3:sObCU30b3/boYLFvtFfWgP3

Entry address:
0x1000

Entry point:
55, 8B, EC, 81, EC, A0, 00, 00, 00, C7, 45, F4, 00, 00, 00, 00, EB, 09, 8B, 45, F4, 83, C0, 01, 89, 45, F4, 81, 7D, F4, 80, 00, 00, 00, 7D, 12, B9, 01, 00, 00, 00, 6B, D1, 00, C6, 84, 15, 60, FF, FF, FF, 00, EB, DC, 68, 80, 00, 00, 00, 8D, 85, 60, FF, FF, FF, 50, 6A, 00, FF, 15, 14, 20, 40, 00, 6A, 00, 68, 80, 00, 00, 00, 6A, 02, 6A, 00, 6A, 00, 68, 00, 00, 00, 40, 68, 52, 20, 40, 00, FF, 15, 1C, 20, 40, 00, 89, 45, E8, 0F, B7, 0D, 2C, 20, 40, 00, 89, 4D, F0, 8B, 55, F0, C1, E2, 04, 89, 55, F0, A1, 4E, 20...
 
Entropy:
7.5177

Developed / compiled with:
Microsoft Visual C++

Code size:
512 Bytes (512 bytes)

The file setup.exe has been seen being distributed by the following 2 URLs.
