setup.exe

Mapping & GIS Product Comparison Desktop Version 2.59

Trimble Navigation Limited

The application setup.exe, “Mapping & GIS Product Comparison Desktop Version 2.59 Setup” by Trimble Navigation Limited, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from trl.trimble.com.
Publisher:
Trimble Navigation Limited (signed by Trimble Navigation Limited)

Product:
Mapping & GIS Product Comparison Desktop Version 2.59

Description:
Mapping & GIS Product Comparison Desktop Version 2.59 Setup

MD5:
a4e21819bb6e284c671aee9b0067dee3

SHA-1:
57c433e01cd21e603b772f5190fe6c0c4c1ee1de

SHA-256:
c21eb35f734af0e1dcb5094fa00a6c8cd4ee2da40ab96836ff6437a3184c35ec

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software, which may include extensions such as DealPly and various toolbars.

Analysis date:
11/5/2024 8:17:47 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.CSH (L)

Engine version:
17.3.5.6

File size:
2.7 MB (2,823,192 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
5/26/2015 9:00:00 PM

Valid to:
6/21/2017 8:59:59 PM

Subject:
CN=Trimble Navigation Limited, OU=IS Department, O=Trimble Navigation Limited, L=Sunnyvale, S=California, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
5B4FB826A0BE1D2323820BA5F0F40949

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9965

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file setup.exe has been seen being distributed from the following URL:

http://trl.trimble.com/docushare/dscgi/ds.py/Get/.../setup.exe
