» Setup.exe
Overview
Analysis
File Details
Downloads (1)

Setup.exe

BitCro Social

Cro-bit Ltd.

The file Setup.exe has been detected as malware by 5 anti-virus scanners. The program is a setup application that uses the Inno Setup installer. This downloadble file is typically blocked through Google's Safe Browsing technology in Chrome web browser. The file has been seen being downloaded from landing.bitcro.com.

File name:

Setup.exe

Publisher:

Cro-Bit Ltd. (signed by Cro-bit Ltd.)

Product:

BitCro Social

MD5:

2ec0a4dc263a3718ec4f83587dca9135

SHA-1:

708b5cccf5b44f3677eb4e44394c026a2abcc445

SHA-256:

892c07b897899ddc915a338c503e1a7f2779445838c4dbd5dc568fbfc31fb71d

Scanner detections:

5 / 68

Status:

Malware

Analysis date:

12/26/2024 1:34:50 PM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Trojan.Win32.StartPage

4.0.3.15528

Kaspersky

HEUR:Trojan.Win32.StartPage

14.0.0.1973

McAfee

Artemis!2EC0A4DC263A

5600.6752

Trend Micro House Call

Suspicious_GEN.F47V0517

7.2.148

VIPRE Antivirus

Cro-bit Ltd

40452

File size:

1.7 MB (1,755,104 bytes)

Product version:

4.0

Cro-Bit Ltd.

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\setup.exe

Digital Signature

Signed by:

Cro-bit Ltd.

Authority:

VeriSign, Inc.

Valid from:

11/27/2014 7:00:00 PM

Valid to:

12/28/2015 6:59:59 PM

Subject:

CN=Cro-bit Ltd., O=Cro-bit Ltd., L=Stobreč, S=Split-Dalmatia county, C=HR

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

7F2D19766B834CFDDA0D49550A10D450

File PE Metadata

Compilation timestamp:

6/19/1992 6:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:N96HUXF2YYiCha3STDy9v1qjLSY+VJ1jsFEbx:7FE9M3Sf+4jehVTsFEbx

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Entropy:

7.9889

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file Setup.exe has been seen being distributed by the following URL.

http://landing.bitcro.com/affiliate/.../adobe_flashplayer_setup.exe

Remove Setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.