Setup.exe

搜狗壁纸 (Sogou Wallpaper)

Sogou.com

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from dl.bizhi.sogoucdn.com and multiple other hosts.
Publisher:
Sogou.com Inc.  (signed by Sogou.com)

Product:
搜狗壁纸 (Sogou Wallpaper)

Description:
Sogou Wallpaper install/uninstall program

Version:
2.5.2.2510

MD5:
b1648fb4e17c83f7374f1539d2f13dc9

SHA-1:
7cde71c5f223e83c409ad056e29f57bff1949c63

SHA-256:
5d2dec6336573f172cd9422073b5470ab5048286f8da8093935aec4f7dd93e70

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 5:08:49 AM UTC

File size:
7.5 MB (7,839,560 bytes)

Product version:
2.5.2.2510

Copyright:
(C) Sogou.com Inc. All rights reserved.

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/24/2012 8:00:00 PM

Valid to:
8/24/2015 7:59:59 PM

Subject:
CN=Sogou.com, OU=Desktop, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Sogou.com, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
59B95D558C2DCC523572E3F8F9A5F79D

File PE Metadata
Compilation timestamp:
9/9/2009 9:23:23 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:2o7wT5WM9UYYhuYc5bf72icbpMxoqqhBrKFg1rTvw9c:2SwUM2YHpbf7T2hBrKFg1l

Entry address:
0x354B

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 84, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 86, 40, 00, FF, 15, 80, 81, 40, 00, 68, 04, 86, 40, 00, 68, A0, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...
 
Entropy:
7.9988

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file Setup.exe has been seen being distributed by the following 2 URLs.

http://dl.bizhi.sogoucdn.com/.../sogou_wallpaper_25_2402.exe
