setup.exe

The application setup.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from ttb.obvj0w71hq.com.
MD5:
eeb8733c1b33dcfe3818557bf3ea1755

SHA-1:
8571528dd5e59aec236c8fccc65a4aca13c5fd20

SHA-256:
ac0a65e914bb4d105923be1f090d1d37121513127336c3ae38d1fdb4f013aa09

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/7/2024 10:42:33 PM UTC

Scan engine         Detection                       Engine version
avast!              Win32:SoftPulse-AY [PUP]        160518-2
Dr.Web              Trojan.DownLoader11.36367       9.0.1.05190
Reason Heuristics   PUP.Softpulse.Bundler.AT (M)    16.6.15.22

File size:
507.4 KB (519,546 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
10/15/2014 12:33:57 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:FZe1bLrQ2SypGnp+GqgetO9M4Jvb7CZSI14QNVcmDwfhoDLPFtQ0ro9FJ8/l9pML:6RuypG9BeixhKZ9V74h4LPFtut8tXI1

Entry address:
0x7F26

Entry point:
E8, 14, 43, 00, 00, E9, 7F, FE, FF, FF, E9, 46, 25, 00, 00, 55, 8B, EC, 83, EC, 10, EB, 0D, FF, 75, 08, E8, 34, 48, 00, 00, 59, 85, C0, 74, 0F, FF, 75, 08, E8, EE, 2C, 00, 00, 59, 85, C0, 74, E6, C9, C3, 6A, 01, 8D, 45, FC, 50, 8D, 4D, F0, C7, 45, FC, 24, A5, 48, 00, E8, 74, 2F, 00, 00, 68, 3C, 06, 49, 00, 8D, 45, F0, 50, C7, 45, F0, 1C, A5, 48, 00, E8, A8, 25, 00, 00, CC, 55, 8B, EC, 53, 8B, 5D, 10, 8B, C3, 56, 83, E8, 00, 0F, 84, DC, 16, 00, 00, 48, 0F, 84, C4, 16, 00, 00, 48, 0F, 84, 8E, 16, 00, 00, 48...
 
Code size:
81 KB (82,944 bytes)

The file setup.exe has been seen being distributed by the following URL.