setup.exe

The executable setup.exe has been detected as malware by 37 anti-virus scanners. It is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from repository.ags.gwsrv.com.
Description:
Setup

Version:
12.0.21005.1 built by: REL

MD5:
5a0373a0531a9d84fd6dba44acccff9f

SHA-1:
42398360f8bf591690c1ec807991b8e5115c3b11

SHA-256:
8e07af1683d936bc98aebd4e859ba6bcac44c8912ab1a4714bcfb470153b1bec

Scanner detections:
37 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/27/2024 3:38:45 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Win32.Expiro.Gen.2 | 217
AegisLab AV Signature | W32.Expiro.lMso | 2.1.4+
AhnLab V3 Security | Win32/Expiro4.Gen | 2016.05.12
Avira AntiVirus | W32/Expiro.akoh | 8.3.3.4
Arcabit | Win32.Expiro.Gen.2 | 1.0.0.672
avast! | Win32:Xpirat | 2014.9-160701
AVG | Win32/Expiro | 2017.0.2695
Baidu Antivirus | Win32.Virus.Expiro | 4.0.3.1671
Bitdefender | Win32.Expiro.Gen.2 | 1.0.20.915
Bkav FE | W32.FamVT.ExpiroPC.PE | 1.3.0.7717
Comodo Security | Virus.Win32.Expiro.NB | 24996
Dr.Web | Win32.Expiro.66 | 9.0.1.0183
Emsisoft Anti-Malware | Win32.Expiro.Gen | 8.16.07.01.03
ESET NOD32 | Win32/Expiro.NBQ | 10.13474
Fortinet FortiGate | W32/Expiro.fam | 7/1/2016
F-Prot | W32/Expiro.BC | v6.4.7.1.166
F-Secure | Win32.Expiro.Gen.2 | 11.2016-01-07_6
G Data | Win32.Expiro.Gen | 16.7.25
IKARUS anti.virus | Virus.Win32.Expiro | t3scan.2.0.9.0
K7 AntiVirus | Virus | 13.224.19570
Kaspersky | Virus.Win32.Expiro | 14.0.0.-28
McAfee | W32/Expiro.gen.o | 5600.6351
Microsoft Security Essentials | Virus:Win32/Expiro.BA | 1.1.12706.0
MicroWorld eScan | Win32.Expiro.Gen.2 | 17.0.0.549
NANO AntiVirus | Virus.Win32.Expiro.cjfffi | 1.0.30.8213
nProtect | Win32.Expiro.Gen.2 | 16.05.11.01
Panda Antivirus | W32/Expiro.gen | 16.07.01.03
Qihoo 360 Security | Win32/Trojan.8b0 | 1.0.0.1120
Quick Heal | W32.Expiro.AX | 7.16.14.00
Rising Antivirus | Virus.Expiro/AllInOne!1.A140 | 23.00.65.16629
Sophos | W32/Expiro-H | 4.98
Total Defense | Win32/Expiro.AK | 37.1.62.1
Trend Micro House Call | PE_EXPIRO.JX | 7.2.183
Trend Micro | PE_EXPIRO.JX | 10.465.01
Vba32 AntiVirus | SScope.Virus.Expiro.gen | 3.12.26.4
VIPRE Antivirus | Virus.Win32.Expiro.gen.a | 49304
Zillya! Antivirus | Virus.Expiro.Win32.94 | 2.0.0.2856

File size:
1006 KB (1,030,144 bytes)

Product version:
12.0.21005.1

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\setup.exe

File PE Metadata
Compilation timestamp:
10/5/2013 6:40:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:+DLiFXFWiqsuL7+nua2oWG5S6kynay6WIW:iLcPyvo/Slyna

Entry address:
0x2FAFD

Entry point:
42, 42, 50, 41, 51, 4A, 4A, 52, 41, 53, 41, 54, 41, 55, 56, 89, F8, 50, 89, C8, 40, 55, 89, E5, 81, EC, 90, 00, 00, 00, 53, 56, 57, C7, 45, F0, 07, 00, 00, 00, BE, 08, 00, 00, 00, C7, 45, FC, 0C, 00, 00, 00, B8, 31, 00, 00, 00, B9, 07, 00, 00, 00, BA, 93, 24, 49, 92, 51, 89, C1, F7, EA, 01, CA, C1, FA, 02, C1, F9, 1F, 29, CA, 89, D0, 59, 89, 45, F4, BB, 04, 00, 00, 00, 8B, 45, FC, 83, E8, 0C, 89, 45, CC, C7, 45, E8, CD, 40, 00, 00, C7, 45, B0, 3C, 50, 00, 00, 81, 45, E8, 3D, 47, 00, 00, C7, 45, CC, 54, 4B...
 

Code size:
323.5 KB (331,264 bytes)

The file setup.exe has been seen being distributed by the following URL.
