» setup.exe
Overview
Analysis
File Details
Downloads (12)

setup.exe

PBNGTBJJPYO

The executable setup.exe has been detected as malware by 1 anti-virus scanner. The file has been seen being downloaded from livestatscounter.com and multiple other hosts.

File name:

setup.exe

Publisher:

PBNGTBJJPYO

Product:

PBNGTBJJPYO

Version:

1.2.9.6

MD5:

b1c04a8882d12b4e80e426d72cfeb71b

SHA-1:

85239785584ebaba370c71eb28e3c111e2db7978

SHA-256:

ade12b2a03946244015da9fcc7ecdc92e4f0d23f356d543d23cb3e2f7cbc43cd

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

12/5/2024 1:45:14 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Threat.Win.Reputation.IMP

16.2.3.8

File size:

2 MB (2,064,384 bytes)

Product version:

1.2.9.6

Trademarks:

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\setup.exe

File PE Metadata

Compilation timestamp:

2/3/2016 3:01:41 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

49152:vhMTJcv7RyJ1AFuByV+t0MrNsk9xe5Xx37:vhMYtyHKmtX9xo

Entry address:

0x94766

Entry point:

E8, 5C, 7B, 01, 00, E9, 35, FE, FF, FF, 55, 8B, EC, 8D, 45, 14, 50, FF, 75, 10, FF, 75, 0C, FF, 75, 08, 68, 0C, C4, 4A, 00, E8, 60, 00, 00, 00, 83, C4, 14, 5D, C3, 55, 8B, EC, 8D, 45, 14, 50, FF, 75, 10, FF, 75, 0C, FF, 75, 08, 68, 9C, D5, 4A, 00, E8, 41, 00, 00, 00, 83, C4, 14, 5D, C3, 55, 8B, EC, 8D, 45, 10, 50, 6A, 00, FF, 75, 0C, FF, 75, 08, 68, 0C, C4, 4A, 00, E8, 23, 00, 00, 00, 83, C4, 14, 5D, C3, 55, 8B, EC, 8D, 45, 10, 50, 6A, 00, FF, 75, 0C, FF, 75, 08, 68, 9C, D5, 4A, 00, E8, 05, 00, 00, 00, 83... 
[+]

Entropy:

7.1048

Code size:

819.5 KB (839,168 bytes)

The file setup.exe has been seen being distributed by the following 12 URLs.

http://livestatscounter.com/.../dl.php?r=vu_vo2_100&rr=R&sct=AGR&sid=A6F66039-6756-E311-BBF9-201A0686B00C&isnw=7&prd=1&civ=0&pac=AS&guidv=2

http://113.171.224.178/.../setup.exe

http://softcore.s3.amazonaws.com/rinoreader/.../setup.exe

http://113.171.224.208/.../setup.exe

http://113.171.224.207/.../setup.exe

http://113.171.224.209/.../setup.exe

http://113.171.224.206/.../setup.exe

http://d2xvc2nqkduarq.cloudfront.net/.../setup.exe

http://113.171.224.175/.../setup.exe

http://113.171.224.215/.../setup.exe

http://cdn.rapidofiles.com/download/85/60001/.../setup.exe

http://cdn.pmdownloadcdn.com/pricefountain/.../setup.exe

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.