home

Setup.exe

BlueSize

Anthony Puppo

The file Setup.exe has been detected as malware by 11 anti-virus scanners. This downloadble file is typically blocked through Google's Safe Browsing technology in Chrome web browser. The file has been seen being downloaded from dc624.4shared.com and multiple other hosts.
Publisher:
Anthony Puppo

Product:
BlueSize

Version:
1.0.0

MD5:
26d788af09543bdf41591b531529d2e7

SHA-1:
4e391ce10113d712c542bdd13fd4764ba20dc839

SHA-256:
9814a44cde7bc65c03f8e98fd1fcc41a886244f47f5128e21a7451de9e57ff3a

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
11/23/2024 10:32:05 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.602102
619

Baidu Antivirus
Hacktool.MSIL.Confuser
4.0.3.15526

Bitdefender
Gen:Variant.Kazy.602102
1.0.20.730

Emsisoft Anti-Malware
Gen:Variant.Kazy.602102
8.15.05.26.01

ESET NOD32
MSIL/Packed.Confuser.J suspicious (variant)
9.11686

F-Secure
Gen:Variant.Kazy.602102
11.2015-26-05_3

G Data
Gen:Variant.Kazy.602102
15.5.25

Kaspersky
UDS:DangerousObject.Multi.Generic
14.0.0.1982

McAfee
Artemis!26D788AF0954
5600.6753

MicroWorld eScan
Gen:Variant.Kazy.602102
16.0.0.438

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1015

File size:
132 KB (135,168 bytes)

Product version:
1.0.0

Copyright:
Copyright © Anthony Puppo 2015

Original file name:
BlueSize.exe

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
5/25/2015 5:50:47 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:/4Q+L0hfbiyQKUJ6f2GL8o0/I6/z0NKoF0+:sLUbiyQKUJJo0/I6LZ+

Entry address:
0x1F56E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.8094

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
117.5 KB (120,320 bytes)

The file Setup.exe has been seen being distributed by the following 5 URLs.

http://dc624.4shared.com/download/.../BlueSize.exe

http://dc776.4shared.com/download/.../BlueSize.exe

https://d17.usercdn.com/d/.../BlueSize.exe

http://clashbot.org/.../BlueSize.exe

temp:BlueSize.exe

Remove Setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.