setup.exe

Magnus Johansson

This is a setup and installation application. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.
Publisher:
Magnus Johansson  (signed and verified)

Description:
Setup

Version:
12.0.21005.1 built by: REL

MD5:
8021835476c58e1baebe8d3e6192ccd0

SHA-1:
70e2a33b9a3e08a0aa24085e75615543f7ab21ad

SHA-256:
f3ab1834a7701233548f6e29f4f3f205be89664f6772171933822b7b80ab5564

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/28/2024 2:43:55 AM UTC  (today)

File size:
471.1 KB (482,416 bytes)

Product version:
12.0.21005.1

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
StartCom Ltd.

Valid from:
3/23/2013 7:12:21 AM

Valid to:
3/24/2015 5:25:26 AM

Subject:
E=c.magnus.johansson@gmail.com, CN=Magnus Johansson, L=Zurich, S=Zurich, C=CH, Description=v7TVxACHoTf5kx7X

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
093B

File PE Metadata
Compilation timestamp:
10/5/2013 6:40:50 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:DDRMxppSSVridF55EGOaJhaQXgFIaUHQWWiNLsqEIvooEE0WgpgN8ojEu4dY:DDGxppI1wQwFXQWiNd8o4u46

Entry address:
0x2FAFD

Entry point:
E8, AD, 65, 00, 00, E9, 7F, FE, FF, FF, E9, 06, 32, 00, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, B5, 32, 00, 00, C7, 06, 44, 65, 40, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 44, 65, 40, 00, E9, C0, 32, 00, 00, 55, 8B, EC, 83, EC, 10, EB, 0D, FF, 75, 08, E8, 64, 6D, 00, 00, 59, 85, C0, 74, 11, FF, 75, 08, E8, C5, 6C, 00, 00, 59, 85, C0, 74, E6, 8B, E5, 5D, C3, 6A, 01, 8D, 45, FC, C7, 45, FC, 4C, 65, 40, 00, 50, 8D, 4D, F0, E8, 47, 32, 00, 00, 68, 4C, 10, 45, 00, 8D, 45, F0, C7, 45, F0, 44, 65, 40, 00, 50...
 
[+]

Code size:
323.5 KB (331,264 bytes)

The file setup.exe has been seen being distributed by the following 6 URLs.

https://dw.uptodown.com/dwn/rHkqHm5bf-qxBbMrnvkjbNaFTVtK4PlEbjTiWPqh-UA2s69Z5r2H2g7qBR3j6TYDUG3Z8bZcsEfAOHfLtD5Sy5HfGoTlOdyZaV-YRlqTRF-r2zqnrv7ibYljzl1PA212/djT-uMJHJ4iBWa98vvwRDDcJfrHTLC9RW8dlNRnuRjvGp3A7ZhYCOAtQQQWxYGg-dHt3NrYiLzaEWXGjuNuxSM3MhWR3GJKSalwtgBPKuS721N1AqwsG8ydGvYJwHQvb/oMzZ0Kk7w9me7wod6TmiFNfH1aOjAYtcQ9MrAhqn5lVEVo4ZgwE4tV7BKbdPX8AeYQy3eD-apNcrOMpBgwIW9CUwRwszzilfnnq1V8qyMQ9-iRu19cHU7VPj0-GoGjgW/.../

https://dw.uptodown.com/dwn/cCiCUB1z8f1i6jBTlNuNH-QRU24_zW2Ybn5NxLg8IFIeMuuxFUF7T7zJUZqk1m8SpWo8r2Z0we0VUT-izAX1ssiSY0R9idm-ZAMdyz0_U8Z597idqcbptH8pB-pbpNkg/3A-YyklRnOB63ZPoUuXYVA2P1IVDFp1uGhHhWKuggXNJQ-r6s6XgMAUNlEXqupLdcveTwmk4ZCdkqBwh37wx1lAuk3rW-DsuYacSdTRtJn7BSxhtULFSjfgZudCUb4YE/P_XqUkCTeGXb8Rh8HixdDSei8eoYvjTFK2PTEPmF1_dGazClHI9LJX6nntoH5Wg3AheeJgCFLCNPKRX9yHWVVSqd_PWQVEtryV6-y7Ts5KlWbl7ZpBWVGZqt2t47ixNx/.../

https://dw.uptodown.com/dwn/4TEYoPqS2WAAKJ_FIKPuxB34-NAIL2hLx5QrJf7_C8nnETf2O3Vneg9J1QdnaNxUTPeubV-0cpj2xeiKHu_2Xb3i9jVsuGdp7J5V73cwLamPLFqMCYen6h_CMk6N95Lz/knvvS2-glkcuN57iRZAJOYY-iZIW0Lq4u2Z8H6gY1O7iHYLkY4xl8NiCq1bnU5m3ow7Ug5ozoJGBu87zdjS2VthIVqld7vuvjY68Y2rpJaVBm-MDgmdo1qGVmuRBTXKt/SpGZjzwDn8nri2PlPkp2viFQZg86nt2k-YJR7MFCgiymIB1ucVZQNco4dzoxZ5RsZidics6DoGpsCMORh8BRg94b4CaDS-O9gswILxXr6WJ-AHHFEn7tmop48DlvSuZC/.../

http://dw.uptodown.com/dwn/7Cb217-xRI95FMS2xI8gARIYqwSLhyDyIc16TL39ZEFIgd0ia28nZhlEpMfqYPPHiBgsCau9IfwWgE6SPukkPpccNXjqw2JCVvmcWoCWbQe5MJLhV1H6zEcaqepuzJi8/oi_Aa3dChuzzY8Wv44ASDB6_05RltwgvMlRKaiyulohOE3Ru5go6tQ1AJfZc-RH-luH2WBmzXBgXaWeFKuwLBbYNPTSXvGtDeZEfQnEmrJrjrj2QhZS6LuASNpRd227U/N-PhK8PjibeIzWv8Jy9U6gqiVuQqjimsmW3EHB3ZsHj1_y2iH0ngwVsTaZkgTN796tzOWbzHsSIKBJRQZGwUBTFE6M0zAw7vZLou0BWsYX6kBSgwRdv8tYc00k9_K1gv/.../

https://dw.uptodown.com/dwn/EeZt_SqxxzfU3MfwVNhOlIDLrNVAfn9EVBY67qPMvi2jc6nodof_gXkTplCSkgNjrDYEnTgwbFECL__64DeMXy0eSkBHDQPENgYp1gl1J1M51lFycbTlEvMG8qr9MIMo/26WpszgTP58a-G9FrlJRS7hzfE1Vt6Qq8Frc1890p1H_tu_EMNy6lgJyPz7gSftlWnJKOmfetIEY0vvhj_Wucatw9TA7i6ek2ltS6tDhj8f7beURFK7xHcR5Bl_tNLUs/vhxbmvwOtOcZzKZT2sMzOyxojYlEl57XT1Va8wZboQb6mnqtmsaWKPM3m6ZZB29theaiXKyJnwXr6ZUFjxpkg1V1G0InMIgWCj5ZFoGQKaQ6Xf_Zv50mrMJWEOQ_BkNg/.../

https://dw.uptodown.com/dwn/cABiaWrQl00D1LmTM9iVbPv8XwYZourNUo9zwJh4k7y5AtZqQD2Cy5sJMOU_rV5bom5a7VBoRGS4H9k6vPvMVEFobbpu9OFnQRvDHY__obL-yLil9B8aCtdDUv-bPiTl/wsIQyIlgVIIHdS0nTV3Zp1WDxdub8dnKnCbGSy5h3qEqkFzxxnrrnZAcO3XrTg5CibK01z83iOiz3QHzfD9b0fkeAa9iF7OmEkO8IprWK9XXuRdnE_HyZoKuop3eQo6v/elHOZNls45b8pUFQ1NF5Su_fTzCTv-480o9ccT2jYxRvFN2pQgILQcA7rziz9_oE6s2gvpnBzZ_roZjSpys1PTCYIGDmzk0NyyE19VZDJuYieUzZ6r0bU-7ONx727R6l/.../

Scan setup.exe - Powered by Reason Core Security