Setup.exe

InstallShield

Macrovision Corporation

The program is a setup application that uses the InstallShield Setup installer. The file has been seen being downloaded from poker.tigergaming.com and multiple other hosts.
Publisher:
Macrovision Corporation  (signed and verified)

Product:
InstallShield

Description:
Setup.exe

Version:
11.50.42618

MD5:
49b3d2077199c44c1f3bbb16b4094ae6

SHA-1:
469ccf79a49d3e8d2609f7d54e1ae3dd73e10ee2

SHA-256:
9f592ba27a79b32d11fafa59facbbebdc9902410e37e2eafa22e677fc33f47e6

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/25/2024 1:03:27 PM UTC  (today)

File size:
118.2 KB (121,064 bytes)

Product version:
11.50

Copyright:
Copyright (C) 2005 Macrovision Corporation

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Installer:
InstallShield Setup

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
2/14/2005 8:43:58 PM

Valid to:
2/14/2006 8:43:58 PM

Subject:
L=Schaumburg, S=Illinois, C=US, OU=STG Engineering, O=Macrovision Corporation, CN=Macrovision Corporation

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
3EFF24

File PE Metadata
Compilation timestamp:
11/14/2005 5:25:01 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:39r/8cJqkwNYIcljpaHOIGxBHyBFgzdpJec/IMc0PSFRJvGoiXnod:3N/DqkwWIc5sHt4B1wYPU

Entry address:
0xCE22

Entry point:
55, 8B, EC, 83, EC, 44, 56, FF, 15, 58, 21, 41, 00, 8B, F0, 85, F6, 75, 08, 6A, FF, FF, 15, 54, 21, 41, 00, 8A, 06, 57, 8B, 3D, 88, 22, 41, 00, 3C, 22, 75, 1B, 56, FF, D7, 8B, F0, 8A, 06, 3C, 22, 74, 04, 84, C0, 75, F1, 80, 3E, 22, 75, 15, 56, FF, D7, 8B, F0, EB, 0E, 3C, 20, 7E, 0A, 56, FF, D7, 8B, F0, 80, 3E, 20, 7F, F6, 8A, 06, 84, C0, 74, 04, 3C, 20, 7E, E1, 83, 65, E8, 00, 8D, 45, BC, 50, FF, 15, 50, 21, 41, 00, F6, 45, E8, 01, 5F, 74, 06, 0F, B7, 45, EC, EB, 03, 6A, 0A, 58, 50, 56, 6A, 00, 6A, 00, FF...
 
[+]

Entropy:
6.2884

Packer / compiler:
InstallShield Custom

Code size:
66.5 KB (68,096 bytes)

The file Setup.exe has been discovered within the following programs.

Driver Booster  by IObit
Publisher's description - “Outdated drivers may heavily affect your PC performance and lead to system crashes. Driver Booster scans and identifies outdated drivers automatically, and downloads and installs the right update for you with just ONE click, saving you loads of time.”
www.iobit.com
43% remove it
Live Update 5  by MSI Co., LTD
MSI Live Update 5 is the updater program which runs with Windows (in the background as a service) and automatically starts up when your computer boots. It checks for updates and automatically downloads and installs them if found based on the user's settings.
www.msi.com/index.php
25% remove it
www.apple.com
7% remove it
Mozilla Firefox is a free and open source web browser. Firefox 26 changed the behavior of Java plugins to "click-to-play" mode instead of automatically running them.
www.mozilla.org/en-US
5% remove it
Realtek High Definition Audio Driver  by Realtek Semiconductor Corp.
Realtek's High Definition Audio Driver provide high quality DTS, Dolby, Surround Sound to your PC via the audio card.
www.realtek.com.tw
9% remove it
Publisher's description - “The Xerox Phaser 6180MFP color multifunction printer is the feature-packed performer for small-to-medium-size offices. You get fast printing and copying, excellent ease-of-use, and outstanding color quality in every attention-grabbing page.”
www.office.xerox.com/multifunction-printer/color-multifunction/phaser-6180mfp/enus.html
About 8% of users remove it
 
Powered by Should I Remove It?

The file Setup.exe has been seen being distributed by the following 19 URLs.

https://poker.tigergaming.com/.../download

http://download1952.mediafire.com/dhcdar1sghrg/.../Setup.exe

http://pcpurifier.com/getip_build_lp.asp?utm_source=1072&utm_campaign=1072p&utm_pubid=8970&clickid=AKhWMuXQ0wgAFV0A2PWAwJJAVrlkTrlUgzY2BAm_mV__AAAAAAADAAE&campid=1791202&pop=2

http://install.oinstaller6.com/o/.../Setup.exe

temp:Setup.exe

Scan Setup.exe - Powered by Reason Core Security