Setup.exe

The file Setup.exe has been detected as malware by 6 anti-virus scanners. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from www.tagappchuckle.com and multiple other hosts.
MD5:
20d8e98e4ea142f452bb9bce4798b63f

SHA-1:
4f7435bca8a190fcf01852fd2f241f3ad02e6a66

SHA-256:
69b8ccf704c553b86c71145e49fb5f86834450f3a34fab046c028025f234ec7e

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
11/24/2024 5:30:03 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AegisLab AV Signature | W32.Sality | 2.1.4+ |
| Avira AntiVirus | TR/Dropper.Gen | 8.3.2.4 |
| Bkav FE | HW32.Packed | 1.3.0.7400 |
| Panda Antivirus | Trj/Genetic.gen | 16.02.06.02 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1120 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 [F] | 23.00.65.16204 |

File size:
291 KB (297,984 bytes)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
2/6/2016 4:58:26 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:WpVzA46bQaTEckbVs+sKgEbkZV1h6L4rha/J38XraLsVhuZH:WpRA42QaTE3FsKoZV1h6LMh6J3grRhuZ

Entry address:
0x3C4E6

Entry point:
E8, 74, 1F, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, 82, 1A, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, E8, 87, 44, 00, 74, 12, 8B, 0D, A0, 85, 44, 00, 85, 48, 70, 75, 07, E8, A1, 29, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, A8, 84, 44, 00, 74, 16, 8B, 46, 08, 8B, 0D, A0, 85, 44, 00, 85, 48, 70, 75, 08, E8, 00, 22, 00, 00, 89, 46, 04, 8B, 46, 08, F6, 40, 70, 02, 75, 14, 83, 48, 70, 02, C6, 46, 0C, 01, EB, 0A...

Entropy:
7.7756  (probably packed)

Code size:
268.5 KB (274,944 bytes)

The file Setup.exe has been seen being distributed by the following 5 URLs.

http://www.tagappchuckle.com/.../installer.exe
