setup.exe

DesktopDockSetup.exe

Desktop Dock

The application setup.exe by Desktop Dock has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from cdn.airdlr9.com and multiple other hosts.
Publisher:
Desktop Dock  (signed and verified)

Product:
DesktopDockSetup.exe

Version:
1.0.0.15

MD5:
0203d645f0c8b39092b6d7401e5b742f

SHA-1:
67013ce68f001761df286141adcc99be5fd95c69

SHA-256:
f4f123ea10bf4e1c5312eed2f7351a07c485634d8203443404ff6fd9624f74f7

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 4:12:38 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Plugin.839
9.0.1.0358

K7 AntiVirus
Unwanted-Program
13.188.14426

Malwarebytes
PUP.Optional.DeskTopDock.A
v2014.12.24.07

Reason Heuristics
PUP.Installer.DesktopDock.F
14.12.24.7

Trend Micro House Call
Suspicious_GEN.F47V1223
7.2.358

File size:
130 KB (133,080 bytes)

Product version:
1.0.0.15

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/9/2014 3:00:00 AM

Valid to:
5/9/2016 2:59:59 AM

Subject:
CN=Desktop Dock, O=Desktop Dock, STREET=44 Primrose Crescent, L=SUNDERLAND, S=Tyne and Wear, PostalCode=SR6 9RJ, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
72D187E754B89EF452FF82C8A9DE9B

File PE Metadata
Compilation timestamp:
12/6/2009 12:52:06 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:uuxkZuTXJ+hc/iumZKOnx3hm8CeI4RYDt:uSAhcK7Lx3hm8CTOYDt

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file setup.exe has been seen being distributed by the following 2 URLs.

Remove setup.exe - Powered by Reason Core Security