» setup.exe
Overview
Analysis
File Details
Downloads (2)

setup.exe

DesktopDockSetup.exe

Desktop Dock

The application setup.exe by Desktop Dock has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from cdn.airdlr9.com and multiple other hosts.

File name:

setup.exe

Publisher:

Desktop Dock (signed and verified)

Product:

DesktopDockSetup.exe

Version:

1.0.0.15

MD5:

0203d645f0c8b39092b6d7401e5b742f

SHA-1:

67013ce68f001761df286141adcc99be5fd95c69

SHA-256:

f4f123ea10bf4e1c5312eed2f7351a07c485634d8203443404ff6fd9624f74f7

Scanner detections:

5 / 68

Status:

Potentially unwanted

Analysis date:

11/23/2024 8:15:35 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Adware.Plugin.839

9.0.1.0358

K7 AntiVirus

Unwanted-Program

13.188.14426

Malwarebytes

PUP.Optional.DeskTopDock.A

v2014.12.24.07

Reason Heuristics

PUP.Installer.DesktopDock.F

14.12.24.7

Trend Micro House Call

Suspicious_GEN.F47V1223

7.2.358

File size:

130 KB (133,080 bytes)

Product version:

1.0.0.15

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature

Signed by:

Desktop Dock

Authority:

COMODO CA Limited

Valid from:

5/9/2014 3:00:00 AM

Valid to:

5/9/2016 2:59:59 AM

Subject:

CN=Desktop Dock, O=Desktop Dock, STREET=44 Primrose Crescent, L=SUNDERLAND, S=Tyne and Wear, PostalCode=SR6 9RJ, C=GB

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

72D187E754B89EF452FF82C8A9DE9B

File PE Metadata

Compilation timestamp:

12/6/2009 12:52:06 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:uuxkZuTXJ+hc/iumZKOnx3hm8CeI4RYDt:uSAhcK7Lx3hm8CTOYDt

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The file setup.exe has been seen being distributed by the following 2 URLs.

http://cdn.airdlr9.com/downloads/offers/.../DDock_Setup.exe

http://ogdelivery.com/DesktopDock/.../Setup.exe

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.