setup.exe

The application setup.exe has been detected as a potentially unwanted program by 9 anti-malware scanners. It is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from dlp.allfiles100.com.

MD5:
c846858f23025ff1fa806207f1852ccb

SHA-1:
4b987a659bb7c4b95a341c0cc7449b30f4bbebfd

SHA-256:
8f3d0ef7729c19b19764b430e40e89be0c46c641cfa1a355a2aeff1477a996ab

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
11/8/2024 4:49:16 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.DomaIQ | 2014.07.14 |
| Clam AntiVirus | Win.Adware.Agent-7635 | 0.98/21411 |
| Comodo Security | Application.Win32.DomaIQ.CIRT | 18849 |
| Dr.Web | Trojan.DownLoader11.20238 | 9.0.1.0187 |
| IKARUS anti.virus | PUA.DomaIQ | t3scan.1.6.1.0 |
| McAfee | Artemis!C846858F2302 | 5600.6986 |
| Panda Antivirus | Trj/Genetic.gen | 14.07.06.10 |
| Trend Micro House Call | Suspicious_GEN.F47V0707 | 7.2.278 |
| Zillya! Antivirus | Adware.Lollipop.Win32.236 | 2.0.0.1857 |

File size:
310 KB (317,456 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
7/4/2014 6:57:44 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:KMBMXBfEpLjJelc/dV3CImWhJMtC7LvaSXG+duyNrPjEOMlqKVM:KW+BwZIe/3CImmqtwjaLQuEEOhKVM

Entry address:
0x31FF

Entropy:
7.9957  (probably packed)

Code size:
112.5 KB (115,200 bytes)

The file setup.exe has been seen being distributed by the following URL.
