home

setup.exe

Microsoft Setup Bootstrapper

Microsoft Corporation

This is installed with Microsoft Office Professional Plus 2013 version 2013. The file has been seen being downloaded from mega.nz and multiple other hosts.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft Setup Bootstrapper

Version:
15.0.4420.1017

MD5:
aa63d1fa6d81d69c08b388c7b54d9507

SHA-1:
8688539cfc21de8e6d9256b31dc626f21280b7fc

SHA-256:
c55bc3de64eb6553d66523b9f462a0dcc0f137a6a0c4e5fbb473a74c36cc90a8

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
11/25/2024 12:54:35 AM UTC  (today)

File size:
202.6 KB (207,496 bytes)

Product version:
15.0.4420.1017

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\windows\temp\setup.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
7/26/2012 1:50:41 PM

Valid to:
10/26/2013 1:50:41 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
3300000088590E3C511FE26A67000100000088

File PE Metadata
Compilation timestamp:
9/29/2012 10:47:31 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.10

CTPH (ssdeep):
768:OEDKbAgIfB3l02zP8l7dghCBWn/2z2g9XYsnHZZZZZZZZZZZZZbJRaCnwPxd1uhU:BB102zOoxn/2fYsnpJRaCAd1uhNRh

Entry address:
0x2F05

Entry point:
E8, AB, 14, 00, 00, E9, 81, FE, FF, FF, 3B, 0D, 10, 80, 40, 00, 0F, 85, 35, 15, 00, 00, F3, C3, 68, CA, 2F, 40, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 10, 80, 40, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 68, CA, 2F, 40, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24...
 
[+]

Entropy:
3.1641

Code size:
26 KB (26,624 bytes)

The file setup.exe has been discovered within the following program.

Microsoft Office Professional Plus 2013 version 2013  by Microsoft Croporation, Inc.
www.microsoft.com
About 4% of users remove it
 
Powered by Should I Remove It?

The file setup.exe has been seen being distributed by the following 50 URLs.

https://mega.nz/temporary/.../cMp2mBaa

http://ttb.dllfilebv.com/download/request/.../v5UaierS?__tc=1463075269.658&lpsl=71885e310401bdb4dac9ad782a7d4bd7&expire=1463161662&subID=MjYzIzI3ODAjMTA1IzIwNjY3fDI4NDM4M3xCUnwzfDF8fHx8NTJmNDhmMzAtMTBhYi0xMWU2LTk1YTAtOTg0YmUxNzdlYTMw&slp=www.getfileex.com&fileName=Setup

http://xn--gebzbbce.co.il/Jwt?exit=1&ac=slow

https://dav16.tappin.com/segunajisefinni@gmail.com/Microsoft Office 2013 Professional Plus x86/.../setup.exe

http://mirror.tallysolutions.com/CXDownloadManagerStreamFile.php?strFileName=setup.exe&strFileLocation=R5.4.5_Gold/TE9/.../&strRemarks=Sample remarks&strFileID=349&strRemoteIP=139.167.155.240

https://www.dropbox.com/pri/get/Office/.../setup.exe

https://urbansa.sharepoint.com/sites/sistemas/Documentos compartidos/SISTEMAS/.../setup.exe

https://onedrive.live.com/.../2RFq5eWfFDm1EN6B6N45cnJ8i7hvmcKNIhzxQro=6

https://doc-10-7o-docs.googleusercontent.com/docs/securesc/sogcm9ogmv4q5ro9pq0nfkmetrk5vgl5/38d1do4osi48hrv43sdmscao74bhv6ph/1474934400000/17742215984871697443/.../0BxvUCVMefvGeVUY2WlpBckZJeTQ?h=06114832177170270364&e=download

https://doc-0s-bk-docs.googleusercontent.com/docs/securesc/u27nev5gvt2n48tf7q9b6cq8ml04m5om/meb9a55o8lrs6upk35uq8rj396g9mtbf/1477785600000/15012312087786474373/.../0B8nvh54sZX-ydFVjZGxXbm55Nkk?e=download

https://doc-0c-7o-docs.googleusercontent.com/docs/securesc/23okoiq6lo250sen289trccml6faqlta/f0d4gojrs1le4nv2le8kmh3f15ei3sqb/1476784800000/.../11658238599572193373/0B562jTqA_zYzdXJyNzBuRzNYMHc?e=download

https://doc-0s-4s-docs.googleusercontent.com/docs/securesc/otbpihj0ii87m7bgqahgtfkbr4k3vtfe/j3igtdfidnsgk2adkv3hhi0ctfg5516h/1481119200000/05979498471104503501/.../0B-g_7zxCKvMOa0RvekljYlBwejg?e=download

https://doc-0s-90-docs.googleusercontent.com/docs/securesc/ueqk8lf883obsttrm2uau7u0ag6qj28m/974tt0j7s12f0f5di5k4hs9kth0r1vtf/1476093600000/.../05294739302372951188/0B212VfzbHyyOS0luaF9Zc2dHZGs?e=download

https://docs.google.com/uc?id=0B1F8V6Z_-TXHMTNDYjlzeXplNlE&export=download

https://mega.nz/temporary/.../EAUGDRiR

ftp://ftp.ptcl.net.pk/IT PTCL Support/PC softwares (ptcl)/MICROSOFT/.../setup.exe

https://drive.google.com/uc?id=0B1ygbuz23pTbOUF0MmZYVWR6Qk0&export=download

https://dl-web.dropbox.com/get/microsoft office 2013 32 and 64 bit with activator/.../setup.exe

https://www.dropbox.com/pri/get/PROGRAMAS/.../setup.exe

https://doc-0g-5s-docs.googleusercontent.com/docs/securesc/eqc15u3i3ldf9p16884p7e6g0cs5tfgt/igde8n2vuut9fnpcmtdmq3qlfo2ge8bo/1476878400000/11031044826708904635/.../0B-dCVCRB9GBsUGhnN3ZEYWp1akU?e=download

https://mgdubai.ddns.net:8082/.../setup.exe

http://software.softwaare.net/d/click/.../?uid=uid&sid=M3wzNDMyfEZSfDN8MXx8|a956b30b255dca3bb9fcc25abff16d1d-45-731&filename=Setup

https://docs.google.com/uc?authuser=0&id=0B-5znfBsJVq6WUNwbXVBRFktUGs&export=download

https://dl-web.dropbox.com/get/.../setup.exe

https://doc-0o-6c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/aqbsvpuf7g4a43944t1g8mqfj8sp47hk/1473710400000/10604262956071250124/.../0B6pOhr29sv8ec2FqeHJWUVp6azA?e=download

https://doc-0k-6s-docs.googleusercontent.com/docs/securesc/stqi1867namqb4og7qvqc2sle9jantlg/c6s047icct7do1jqh72mt76fr2nekint/1480104000000/06126033702570637716/.../0B7HQF2lYq12rby1tdXVSOGJiMDg?e=download

https://www.dropbox.com/pri/get/.../setup.exe

http://www.delmonte.netronics.us/.../setup.exe

https://doc-00-a0-docs.googleusercontent.com/docs/securesc/7938q9peai8hh6st6rmkk7gtt5ebramh/tf4hpu9lv8uv3tajboqpjt2780493iio/1473156000000/05913745474641747566/.../0B51huUcBaQQCSGN4UFk4UkMxT2c?e=download

blob:https://securisync.intermedia.net/1f6bc0e9-e213-4506-8965-09312a712898

Latest 30 of 54 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.